[pkg-ntp-maintainers] squeeze update of ntp?
Damyan Ivanov
dmn at debian.org
Sat Feb 13 15:55:31 UTC 2016
-=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=-
> On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote:
> > Hello dear maintainer(s),
> >
> > The Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of ntp:
> > https://security-tracker.debian.org/tracker/source-package/ntp
>
> I was under the impression that squeeze LTS support ended?
Ends on 29 February. See
https://lists.debian.org/debian-announce/2016/msg00002.html
> > Note that all of the squeeze-relevant issues are still open in the
> > "newer" Debian releases (wheezy through sid).
>
> I'm waiting for upstream to actually fix things. I estimate it's
> going to take 2 months.
When this happens, do you plan to do a wheezy-lts upload too? (wheeszy
will gain LTS support in March).
BTW CVE-2016-0727 seems to me to be Debian-specific, since the cron
job is part of debian/. In case you missed it, there is a patch for it
at
http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/
> They're all not that important.
Cheers,
dam
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-ntp-maintainers/attachments/20160213/7804aa39/attachment.sig>
More information about the pkg-ntp-maintainers
mailing list