projects / buildroot.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: e424c13)
ntp: security bump to version 4.2.8p6
authorGustavo Zacarias <gustavo@zacarias.com.ar>
Wed, 20 Jan 2016 13:18:48 +0000 (10:18 -0300)
committerPeter Korsgaard <peter@korsgaard.com>
Wed, 20 Jan 2016 14:44:17 +0000 (15:44 +0100)
CVE-2015-7973 - Deja Vu: Replay attack on authenticated broadcast mode
CVE-2015-7974 - Skeleton Key: Missing key check allows impersonation
between authenticated peers
CVE-2015-7975 - nextvar() missing length check
CVE-2015-7976 - ntpq saveconfig command allows dangerous characters in
filenames
CVE-2015-7977 - reslist NULL pointer dereference
CVE-2015-7978 - Stack exhaustion in recursive traversal of restriction
list
CVE-2015-7979 - Off-path Denial of Service (DoS) attack on authenticated
broadcast mode
CVE-2015-8137 - origin: Zero Origin Timestamp Bypass
CVE-2015-8158 - Potential Infinite Loop in ntpq

Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ntp/ntp.hash patch | blob | history
package/ntp/ntp.mk patch | blob | history

diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
index a98b2e251b759a3940bd6e8b19dfe4fc0daf5aad..0c2c29d5bc567cfca51b3a7dc23cbe7a9f8919c9 100644 (file)
--- a/package/ntp/ntp.hash
+++ b/package/ntp/ntp.hash
@@ -1,4 +1,4 @@
-# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p5.tar.gz.md5
-md5    9f02b2a0acc1617ce2716d529a58d2d8        ntp-4.2.8p5.tar.gz
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p6.tar.gz.md5
+md5    60049f51e9c8305afe30eb22b711c5c6        ntp-4.2.8p6.tar.gz
 # Calculated based on the hash above
-sha256 ca28baf4f6bb6fabdc1b62fd1dcec412be2e621192b40466a469a2496164f696        ntp-4.2.8p5.tar.gz
+sha256 583d0e1c573ace30a9c6afbea0fc52cae9c8c916dbc15c026e485a0dda4ba048        ntp-4.2.8p6.tar.gz
diff --git a/package/ntp/ntp.mk b/package/ntp/ntp.mk
index 2aadcab5355e1a27b5e5addb08f35e317287f328..2b99ef2d420385fd956bdf20770e9ecc05226435 100644 (file)
--- a/package/ntp/ntp.mk
+++ b/package/ntp/ntp.mk
@@ -5,7 +5,7 @@
 ################################################################################
 
 NTP_VERSION_MAJOR = 4.2
-NTP_VERSION = $(NTP_VERSION_MAJOR).8p5
+NTP_VERSION = $(NTP_VERSION_MAJOR).8p6
 NTP_SITE = http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-$(NTP_VERSION_MAJOR)
 NTP_DEPENDENCIES = host-pkgconf libevent $(if $(BR2_PACKAGE_BUSYBOX),busybox)
 NTP_LICENSE = ntp license