Your message dated Thu, 17 Jan 2019 15:04:22 +0000 with message-id <e1gk9ds-000hsg...@fasolo.debian.org> and subject line Bug#919513: fixed in ntpsec 1.1.3+dfsg1-1 has caused the Debian Bug report #919513, regarding CVE-2019-6442 CVE-2019-6443 CVE-2019-6444 CVE-2019-6445 to be marked as done.
This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact ow...@bugs.debian.org immediately.) -- 919513: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=919513 Debian Bug Tracking System Contact ow...@bugs.debian.org with problems
--- Begin Message ---Source: ntpsec Severity: grave Tags: security Please see https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6442 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6443 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6444 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6445 Cheers, Moritz
--- End Message ---
--- Begin Message ---Source: ntpsec Source-Version: 1.1.3+dfsg1-1 We believe that the bug you reported is fixed in the latest version of ntpsec, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 919...@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Richard Laager <rlaa...@wiktel.com> (supplier of updated ntpsec package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmas...@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 17 Jan 2019 04:17:46 -0600 Source: ntpsec Binary: ntpsec ntpsec-ntpdate ntpsec-ntpviz ntpsec-doc python3-ntp Architecture: source Version: 1.1.3+dfsg1-1 Distribution: unstable Urgency: high Maintainer: Richard Laager <rlaa...@wiktel.com> Changed-By: Richard Laager <rlaa...@wiktel.com> Description: ntpsec - Network Time Protocol daemon and utility programs ntpsec-doc - Network Time Protocol documentation ntpsec-ntpdate - client for setting system time from NTP servers ntpsec-ntpviz - NTP statistics graphing utility python3-ntp - Python 3 NTP Helper Classes Closes: 919513 Changes: ntpsec (1.1.3+dfsg1-1) unstable; urgency=high . * New upstream version (Closes: 919513) - Lots of typo fixes, documentation cleanups, test targets. - CVE-2019-6442: "An authenticated attacker can write one byte out of bounds in ntpd via a malformed config request, related to config_remotely in ntp_config.c, yyparse in ntp_parser.tab.c, and yyerror in ntp_parser.y." - CVE-2019-6443: "Because of a bug in ctl_getitem, there is a stack-based buffer over-read in read_sysvars in ntp_control.c in ntpd. - CVE-2019-6444: "process_control() in ntp_control.c has a stack-based buffer over-read because attacker-controlled data is dereferenced by ntohl() in ntpd." - CVE-2019-6445: "An authenticated attacker can cause a NULL pointer dereference and ntpd crash in ntp_control.c, related to ctl_getitem." * Drop debian/patches/fix-ntploggps.patch (merged upstream) * Refresh patches * Revert "Use python3-gps" At this time, python3-gps is only available in experimental. * Disable the waf PYTHON_GPS check * Update debian/copyright * Fix ntpdate.8 documentation of -B * Changes as of ntp_4.2.8p12+dfsg-3 have been merged as appropriate: - Update ntpdate.8 from ntpdate.html Thanks to Bernhard Schmidt <be...@debian.org> - Update ntpdate.README.Debian Thanks to Bernhard Schmidt <be...@debian.org> - As a notable exception, while the ntp package has removed the ntpdate hooks, I have not (yet?) done so in ntpsec. * Set Rules-Requires-Root: no * Sort debian/ntpsec.maintscript Checksums-Sha1: cb7a77e51c191d2cffac80dfdf15e020a1e0fc16 2385 ntpsec_1.1.3+dfsg1-1.dsc a4edb6006102f5c641d7c3a786c7bb8eaee91f49 2490447 ntpsec_1.1.3+dfsg1.orig.tar.gz 89a0f0c26e20893495478f6a4c4af013d3a3a674 44248 ntpsec_1.1.3+dfsg1-1.debian.tar.xz c4377c8a7c7cd5f16b8f3e174d9bf41405b27d25 9185 ntpsec_1.1.3+dfsg1-1_amd64.buildinfo Checksums-Sha256: 583ba864f845177857516279e1a08f60d9f52b4dd5176b91371da00ecc7b56ce 2385 ntpsec_1.1.3+dfsg1-1.dsc 5e5525ea8ea2e75ce9fb6dbf47cb4cd919e8929ee9f99f2e00bfcf3d2f1a7410 2490447 ntpsec_1.1.3+dfsg1.orig.tar.gz 98725fc86f92d6b0fc104bfc6b6310fde40c3c3dd756aabe156996b5cd7a8fc2 44248 ntpsec_1.1.3+dfsg1-1.debian.tar.xz 3ca0393599113f307e56f2c2f7da8c8f27f93cb62c4b6fb8c9be24edd7c9d59a 9185 ntpsec_1.1.3+dfsg1-1_amd64.buildinfo Files: 57b2538607e125e188f9c559be5b7677 2385 net optional ntpsec_1.1.3+dfsg1-1.dsc 7dac3394aa446a5799ca0f66bfa30217 2490447 net optional ntpsec_1.1.3+dfsg1.orig.tar.gz b150a0f0ca14139b74e4eb596584161e 44248 net optional ntpsec_1.1.3+dfsg1-1.debian.tar.xz f891b7fd3b55d77f13cfe34d93b6aaa4 9185 net optional ntpsec_1.1.3+dfsg1-1_amd64.buildinfo -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEE5Qr9Va3SequXFjqLIdIFiZdLPpYFAlxAlGMUHHRtYW5jaWxs QGRlYmlhbi5vcmcACgkQIdIFiZdLPpZXSBAAkE/E9rUMMSBLJHQuSKqUPh/T32sD MH0NbGGEkjKiX2A4oG54UEXGlqKHK7FSigDXS9RyAUzZEBMTYHp6L3H/jsQrEsF1 33gnIJEaxAu3Yos/030Xwlf7n45JFnbFiBt6XWp3yVHnDtR7MBeYQngWQT5lRR8u n7lCgtfU8ENlTCBtMV+rRb7JwmeJZnrX/BDb97y/AcQvwMgpB50gG3KCMMsg694/ rSNTKtCRLQwUSpENKnGw6+WtvEC23FsPCTXe2/Qv6ox8+/RIuN26s6sOc6ImEAj3 YmpRcKxgCPy3cnOKKs/EVFtp7SNCpiQyfZRVlyR396ncC78RD9kRoinOz1TVUsSA gQfccVxNqVojta90NZTwUIv3CdNxiB/dYRA0EAoaVTt7kYUa1e9kkRbIOhCj9ZiR FXho1UeGDYiLLhYzReMpWjgZCMnlSdjRGnGHp7JsDNn1YIrh5bCq5SxU+8AGTGia qBiK+hlAHt7ljkPiqnGfHPuWuMGrCAt6pir/RrTDn47peR7G5EZbi3xG6QrvtHJ9 TEIrvrIp6wUfjzbnz7ZP14BDTbLL53/OJ/wQMuQPX8HtEUaO/6IccRwe6TP5GmPM pPfbPCa7hbm+H36yLSkhMmcJxBxaCh6MKXfJXcUF+AOcv8WJNhO0kUv2VAk/ukGu dkC6zuUjbFFKOyA= =CM5C -----END PGP SIGNATURE-----
--- End Message ---
