[Secure-testing-team] Bug#719203: chrony: CVE-2012-4502 and CVE-2012-4503
Salvatore Bonaccorso
carnil at debian.org
Fri Aug 9 08:46:07 UTC 2013
Package: chrony
Severity: important

Hi,

the following vulnerabilities were published for chrony.

CVE-2012-4502[0]:
Buffer overflow when processing crafted command packets

CVE-2012-4503[1]:
Uninitialized data in command replies

Upstream commits fixing these issues are at [2] and [3]. See also [4].

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] http://security-tracker.debian.org/tracker/CVE-2012-4502
[1] http://security-tracker.debian.org/tracker/CVE-2012-4503
[2] http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=7712455d9aa33d0db0945effaa07e900b85987b1
[3] http://git.tuxfamily.org/chrony/chrony.git/?p=chrony/chrony.git;a=commitdiff;h=c6fdeeb6bb0b17dc28c19ae492c4a1c498e54ea3
[4] http://permalink.gmane.org/gmane.comp.time.chrony.announce/15

Regards,
Salvatore