[pkg-ntp-maintainers] Wheezy update of ntp?

Ola Lundqvist ola at inguza.com
Mon Nov 21 22:13:13 UTC 2016 

Hello dear maintainer(s),

The Debian LTS team would like to fix the security issues which are
currently open in the Wheezy version of ntp:
https://security-tracker.debian.org/tracker/CVE-2016-7426
https://security-tracker.debian.org/tracker/CVE-2016-7427
https://security-tracker.debian.org/tracker/CVE-2016-7428
https://security-tracker.debian.org/tracker/CVE-2016-7434
https://security-tracker.debian.org/tracker/CVE-2016-9310
https://security-tracker.debian.org/tracker/CVE-2016-9311
https://security-tracker.debian.org/tracker/CVE-2016-9312

Would you like to take care of this yourself?

If yes, please follow the workflow we have defined here:
https://wiki.debian.org/LTS/Development

If that workflow is a burden to you, feel free to just prepare an
updated source package and send it to debian-lts at lists.debian.org
(via a debdiff, or with an URL pointing to the source package,
or even with a pointer to your packaging repository), and the members
of the LTS team will take care of the rest. Indicate clearly whether you
have tested the updated package or not.

If you don't want to take care of this update, it's not a problem, we
will do our best with your package. Just let us know whether you would
like to review and/or test the updated package before it gets released.

You can also opt-out from receiving future similar emails in your
answer and then the LTS Team will take care of ntp updates
for the LTS releases. (In case we don't get any answer for months,
we may also take it as an opt-out, too.)

We have also reviewed the secrity isse(s) affecting your package in Wheezy:
https://security-tracker.debian.org/tracker/CVE-2016-7429
https://security-tracker.debian.org/tracker/CVE-2016-7431
https://security-tracker.debian.org/tracker/CVE-2016-7433

We decided that we would not prepare a wheezy security update (usually
because the security impact is low and that we concentrate our limited
resources on higher severity issues and on the most widely used packages).
That said the wheezy users would most certainly benefit from a fixed
package.

If you want to work on such an update, you're welcome to do so.
Please try to follow defined above.

Thank you very much.

Ola Lundqvist,
  on behalf of the Debian LTS team.

PS: A member of the LTS team might start working on this update at
any point in time. You can verify whether someone is registered
on this update in this file:
https://anonscm.debian.org/viewvc/secure-testing/data/dla-needed.txt?view=markup

More information about the pkg-ntp-maintainers mailing list