[Buildroot] [PATCH] ntp: security bump to version 4.2.8p1
Peter Korsgaard
peter at korsgaard.com
Tue Feb 10 23:52:00 UTC 2015
>>>>> "Baruch" == Baruch Siach <baruch at tkos.co.il> writes:
> Fixes:
> CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
> leading to a potential information leak or possibly a crash
> CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
> Linux), so ACLs based on IPv6 ::1 addresses can be bypassed
> Drop a patch applied upstream, along with its accompanied AUTORECONF.
> Signed-off-by: Baruch Siach <baruch at tkos.co.il>
Committed, thanks.
--
Bye, Peter Korsgaard
More information about the buildroot
mailing list