diff options
author | Baruch Siach <baruch@tkos.co.il> | 2015-02-10 14:46:37 +0200 |
---|---|---|
committer | Peter Korsgaard <peter@korsgaard.com> | 2015-02-11 00:35:18 +0100 |
commit | 67b845fcc90ddb738ca3344c2777f4f15fbc366f (patch) | |
tree | e09734b633a91d41761beca23ce062addd263f70 /package/ntp/ntp.hash | |
parent | c41229af06d759081e56ce762b63436eac786cfa (diff) |
ntp: security bump to version 4.2.8p1
Fixes:
CVE-2014-9297 - vallen is not validated in several places in ntp_crypto.c,
leading to a potential information leak or possibly a crash
CVE-2014-9298 - ::1 can be spoofed on some OSes (including "some versions" of
Linux), so ACLs based on IPv6 ::1 addresses can be bypassed
Drop a patch applied upstream, along with its accompanied AUTORECONF.
Signed-off-by: Baruch Siach <baruch@tkos.co.il>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/ntp/ntp.hash')
-rw-r--r-- | package/ntp/ntp.hash | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/package/ntp/ntp.hash b/package/ntp/ntp.hash index 1d1b907ad..8336be8dc 100644 --- a/package/ntp/ntp.hash +++ b/package/ntp/ntp.hash @@ -1,2 +1,2 @@ -# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8.tar.gz.md5 -md5 6972a626be6150db8cfbd0b63d8719e7 ntp-4.2.8.tar.gz +# From http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p1.tar.gz.md5 +md5 65d8cdfae4722226fbe29863477641ed ntp-4.2.8p1.tar.gz |