ntp: security bump to version 4.2.8

Fixes: CVE-2014-9293 - ntpd generated a weak key for its internal use, with full administrative privileges. Attackers could use this key to reconfigure ntpd (or to exploit other vulnerabilities). CVE-2014-9294 - The ntp-keygen utility generated weak MD5 keys with insufficient entropy. CVE-2014-9295 - ntpd had several buffer overflows (both on the stack and in the data section), allowing remote authenticated attackers to crash ntpd or potentially execute arbitrary code. CVE-2014-9296 - The general packet processing function in ntpd did not handle an error case correctly. Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@free-electrons.com>
author: Gustavo Zacarias <gustavo@zacarias.com.ar> 2014-12-22 11:26:59 -0300
committer: Thomas Petazzoni <thomas.petazzoni@free-electrons.com> 2014-12-23 11:36:07 +0100
commit: 5d5c9a8dcb1f3385e70a2e089f6577c67eca59c3 (patch)
tree: 9951c95608747cc60c4d95a9c7e84b93e082303e /package/ntp/ntp.hash
parent: 02b1975b787fa01c1115eca34adf309ac0830ada (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash
new file mode 100644
index 000000000..2ff644981
--- /dev/null
+++ b/package/ntp/ntp.hash
@@ -0,0 +1,2 @@
+# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8.tar.gz.md5
+md5	6972a626be6150db8cfbd0b63d8719e7ntp-4.2.8.tar.gz
author	Gustavo Zacarias <gustavo@zacarias.com.ar>	2014-12-22 11:26:59 -0300
committer	Thomas Petazzoni <thomas.petazzoni@free-electrons.com>	2014-12-23 11:36:07 +0100
commit	5d5c9a8dcb1f3385e70a2e089f6577c67eca59c3 (patch)
tree	9951c95608747cc60c4d95a9c7e84b93e082303e /package/ntp/ntp.hash
parent	02b1975b787fa01c1115eca34adf309ac0830ada (diff)