Sophie

• Search
• Distribution
• Explorer
• Source & Patches
• Chat
• Help
• About

distrib > Mageia > 5 > i586 > by-pkgid > cd0f440b578c03b7706d19492362a305 > changelog

ntp-4.2.6p5-24.7.mga5.src.rpm

• Info
• Deps
• Files
• Scripts
• ChangeLog
• Location
• Others versions
• Analyse

• Fri Nov 25 2016 luigiwalser <luigiwalser> 4.2.6p5-24.7.mga5

  + Revision: 1070156
  - add patches from fedora to fix security issues:
  - don't limit rate of packets from sources (CVE-2016-7426)
  - don't change interface from received packets (CVE-2016-7429)
  - require authentication for trap commands (CVE-2016-9310)
  - fix crash when reporting peer event to trappers (CVE-2016-9311)
  - add patches from fedora to fix more security issues:
  - CVE-2015-8139
  - CVE-2016-4954
  - CVE-2016-4955
  - CVE-2016-4956
  - add patches from fedora to fix more bugs and security issues:
  - update reference timestamp in orphan mode
  - allow sources specified by IPv6 link-local address
  - don't allow spoofed packet to enable symmetric interleaved mode
  (CVE-2016-1548)
  - don't crash on duplicate address in unconfig command (CVE-2016-2516)
  - check mode of new source in config command (CVE-2016-2518)
  - make MAC check resilient against timing attack (CVE-2016-1550)
  - rename CVE-2015-5196 to CVE-2015-7703
  - fix CVE-2015-7692 patch name
  - add patches from fedora to fix several bugs and security issues:
  - report clock state changes related to leap seconds
  - allow -4/-6 on restrict lines with mask
  - explain synchronised state in ntpstat man page
  - don't accept server/peer packets with zero origin timestamp (CVE-2015-8138)
  - fix crash with reslist command (CVE-2015-7977, CVE-2015-7978)
  - fix infinite loop in ntpq/ntpdc (CVE-2015-8158)
  - check key ID in packets authenticated with symmetric key (CVE-2015-7974)
  - don't allow spoofed packets to demobilize associations using symmetric key
  (CVE-2015-7979)
  - add patches from ubuntu to fix CVE-2015-785[035]
  - sync with fedora to fix October 2015 security issues:
  - check origin timestamp before accepting KoD RATE packet (CVE-2015-7704)
  - allow only one step larger than panic threshold with -g (CVE-2015-5300)
  - fix memory leak with autokey (CVE-2015-7701)
  - don't crash with crafted autokey packet (CVE-2015-7691, CVE-2015-7692,
  CVE-2015-7702)
  - don't crash in ntpq with crafted packet (CVE-2015-7852)
  - don't mobilize passive association with crypto NAK (CVE-2015-7871)
  - add patches from fedora to fix CVE-2015-5146, CVE-2015-519[4-6], CVE-2015-5219

• Wed Apr 8 2015 oden <oden> 4.2.6p5-24.mga5

  + Revision: 819877
  - P30: security fix for CVE-2015-1798
  - P31: security fix for CVE-2015-1799

• Sat Feb 28 2015 alien <alien> 4.2.6p5-23.mga5

  + Revision: 817214
  - New configurations are advised to use Orphan mode instead of local clocks

• Tue Feb 10 2015 luigiwalser <luigiwalser> 4.2.6p5-22.mga5

  + Revision: 814542
  - do not restrict ntpq from localhost

• Fri Feb 6 2015 luigiwalser <luigiwalser> 4.2.6p5-21.mga5

  + Revision: 813679
  - add patches from fedora to fix CVE-2014-9297 and CVE-2014-9298

• Sat Dec 20 2014 luigiwalser <luigiwalser> 4.2.6p5-20.mga5

  + Revision: 804330
  - link to openssl to fix build with CVE-2014-9294 patch
  - add patches from fedora to fix CVE-2014-929[3-6]

• Wed Oct 15 2014 umeabot <umeabot> 4.2.6p5-17.mga5

  + Revision: 748582
  - Second Mageia 5 Mass Rebuild

• Tue Sep 16 2014 umeabot <umeabot> 4.2.6p5-16.mga5

  + Revision: 682949
  - Mageia 5 Mass Rebuild

• Thu Jan 23 2014 luigiwalser <luigiwalser> 4.2.6p5-15.mga4

  + Revision: 567555
  - restrict some remote query types by default to mitigate CVE-2013-5211 (mga#12326)