Source: ntp Version: 1:4.2.6.p2+dfsg-1 Severity: grave Tags: security upstream fixed-upstream
Hi, the following vulnerabilities were published for ntp. CVE-2014-9293[0]: automatic generation of weak default key in config_auth() CVE-2014-9294[1]: ntp-keygen uses weak random number generator and seed when generating MD5 keys CVE-2014-9295[2]: Multiple buffer overflows via specially-crafted packets CVE-2014-9296[3]: receive() missing return on error The corresponding Red Hat bugzilla entries contain as well some more informations. If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2014-9293 [1] https://security-tracker.debian.org/tracker/CVE-2014-9294 [2] https://security-tracker.debian.org/tracker/CVE-2014-9295 [3] https://security-tracker.debian.org/tracker/CVE-2014-9296 Regards, Salvatore -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
