Source: chrony
Version: 1.30-1
Severity: grave
Tags: security upstream patch fixed-upstream

Hi,

the following vulnerabilities were published for chrony. Note that I chose severity grave, since two CVEs seem to potentially be exploited to execute arbitrary code and chronyd is running as root. Please lower the severity if you don't agree (I don't know chrony very well):

CVE-2015-1821[0]: Heap out of bound write in address filter

CVE-2015-1822[1]: uninitialized pointer in cmdmon reply slots

CVE-2015-1853[2]: authentication doesn't protect symmetric associations against DoS attacks

If you fix the vulnerabilities please also make sure to include the CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-1821
[1] https://security-tracker.debian.org/tracker/CVE-2015-1822
[2] https://security-tracker.debian.org/tracker/CVE-2015-1853

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore