Accepted ntp 1:4.2.8p11+dfsg-1 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sun, 25 Mar 2018 23:52:51 +0200
Source: ntp
Binary: ntp ntpdate ntp-doc sntp
Architecture: source
Version: 1:4.2.8p11+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
ntp - Network Time Protocol daemon and utility programs
ntp-doc - Network Time Protocol documentation
ntpdate - client for setting system time from NTP servers (deprecated)
sntp - Network Time Protocol - sntp client
Closes: 851096 883022 889488
Changes:
ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
.
* New upstream version 4.2.8p11+dfsg (Closes: #851096)
- Refresh patches
- Drop ntpd-increase-stack-size included upstream
- CVE-2018-7185: Unauthenticated packet can reset authenticated
interleaved association (LOW/MED)
- CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
(LOW/MED)
- CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
symmetric passive peering (LOW)
- CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
- CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
behavior and information leak (Info/Medium)
- CVE-2016-1549: Sybil vulnerability: ephemeral association attack
(mitigated in 4.2.8p7)
* convert dfsg.sh into mk-origtargz script
* Run wrap-and-sort
* Sync AppArmor profile changes from Ubuntu, including a fix for a
harmless AppArmor denial in /usr/local (Closes: #883022)
* Don't chown in postinst recursively.
Thanks to Daniel Kahn Gillmor (Closes: #889488)
* Build sntp against system libevent
* Drop versioned build-deps already fulfilled by oldoldstable
Checksums-Sha1:
8b9e35430f04c08a67aec8aa81d37023bcc58303 2334 ntp_4.2.8p11+dfsg-1.dsc
9e7794f51236272c803dbd6e66017e911d8954ff 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
9dc0a12c9e764233dbe97a67f450a58e28341fa0 47764 ntp_4.2.8p11+dfsg-1.debian.tar.xz
7c529d468ce56fa696343e6c9654915e7bec50f2 7983 ntp_4.2.8p11+dfsg-1_amd64.buildinfo
Checksums-Sha256:
80136dcb1a96b13a5bcdeeb2901bfa695876f87e9d7a2d47040446d3e17860dc 2334 ntp_4.2.8p11+dfsg-1.dsc
ff11ac6a6c903698b303304af863582bc91ad68c456caec7ff8ef1c1ef9ca13b 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
a83cad73a18b9dac7f07ff5419005bb5f8b125e6c8533fb8b6cb1efa9e0ca8ee 47764 ntp_4.2.8p11+dfsg-1.debian.tar.xz
92b37d7403c3e82bc0806f0703c382efe820de33064e972fde6a262890e06f2e 7983 ntp_4.2.8p11+dfsg-1_amd64.buildinfo
Files:
a479d36bf15bc1181fd1b6034e21eeaa 2334 net optional ntp_4.2.8p11+dfsg-1.dsc
1fe80a1c34ec75a831c75083bc9e40ff 4342464 net optional ntp_4.2.8p11+dfsg.orig.tar.xz
9844966abf63f515f772cb89fd8c60a7 47764 net optional ntp_4.2.8p11+dfsg-1.debian.tar.xz
8b8d792b0820e37184c9b57f3510c32d 7983 net optional ntp_4.2.8p11+dfsg-1_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlq4IAgRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJPiXBAAnQ3Q1owq1CdkHayQgutssDZIKFgnVir3
jPTFrH9pWvyzb6GI2Ufyg705tdITK5cqVI7NkROfLtZVYb2qhxYsppBlI9CyXV7S
vI1b8TQe3UafYzxcReNs0QzMZWtUNkhazA6Howt8aWANcrm+PDbQH3S7T3eI0Gr9
Vuyg4ERe0R19G+99X+YqaBueEPev3QYa3qFpT4AM3qrnu2BumZfssjzifbasGF4p
HksLaj56xakn/a4vwdeqsY0w7Gl+fH1NZcCQVb1DGlqA4h993paWf5tp8drTPLLn
xEflHNbh7GgxNehD28OovsZ8TwOvUthpSJvGUF0iiedCf1K/ZTvM8g1Osdfh2Web
lkSRPTupYD6Xjtpst++AnFki4ddXMGbYhL7bgHKWJVpNXqMd/Jp2Qdv1wCao4l4H
9S12134ebYJ86VkDpiWOE5H99nbjEge5pn49ZjbZqe49mfT714kuNmlsh+s55mWy
9QR+WywDecIbuJ1ZI7m6eLhaZSoBC+l0J8F0Dt9SUSRcYrHrFLSJg9toEaddh5M5
QoJoxRR6uHUeE5wpnPIpu3NphjPEp+TbpcBWVL9SB4E1Zq8bEJqeaRy6O4PVzt6j
2QVgwd2s3LyokCAjVP8lGqLCPYMce63C4jzjPLfzT7NQMbNDK1ns+wQsDixdpUof
GhYi2kdQ12A=
=mHxi
-----END PGP SIGNATURE-----