[pkg-ntp-maintainers] squeeze update of ntp?

Kurt Roeckx kurt at roeckx.be
Sat Feb 13 16:17:10 UTC 2016


On Sat, Feb 13, 2016 at 03:55:31PM +0000, Damyan Ivanov wrote:
> -=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=-
> > On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote:
> > > Hello dear maintainer(s),
> > > 
> > > The Debian LTS team would like to fix the security issues which are
> > > currently open in the Squeeze version of ntp:
> > > https://security-tracker.debian.org/tracker/source-package/ntp
> > 
> > I was under the impression that squeeze LTS support ended?
> 
> Ends on 29 February. See 
> https://lists.debian.org/debian-announce/2016/msg00002.html
> 
> > > Note that all of the squeeze-relevant issues are still open in the 
> > > "newer" Debian releases (wheezy through sid).
> > 
> > I'm waiting for upstream to actually fix things.  I estimate it's
> > going to take 2 months.
> 
> When this happens, do you plan to do a wheezy-lts upload too? (wheezy 
> will gain LTS support in March).

Yes.

> BTW CVE-2016-0727 seems to me to be Debian-specific, since the cron 
> job is part of debian/. In case you missed it, there is a patch for it 
> at 
> http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/

Nobody seems to have informed me about this ...  At first look
this also doesn't seem that important.


Kurt



