Actions
Bug #9388
closedUpdate ntpd
Start date:
03/10/2019
Due date:
% Done:
100%
Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.4.x
Affected Architecture:
All
Description
Ran pkg audit new install of 2.4.4-p2:
pkg audit -F Fetching vuln.xml.bz2: 100% 777 KiB 795.3kB/s 00:01 ntp-4.2.8p12 is vulnerable: ntp -- Crafted null dereference attack from a trusted source with an authenticated mode 6 packet CVE: CVE-2019-8936 WWW: https://vuxml.FreeBSD.org/freebsd/c2576e14-36e2-11e9-9eda-206a8a720317.html
Updated by Jim Pingle almost 6 years ago
- Target version changed from 48 to 2.5.0
Updated by Jim Pingle almost 6 years ago
- Category set to NTPD
- Assignee set to Renato Botelho
- Priority changed from Normal to High
- Affected Version set to 2.4.x
Updated by Renato Botelho almost 6 years ago
- Status changed from New to Feedback
- % Done changed from 0 to 100
4.2.8p13 imported to devel branch
Updated by Jim Pingle over 5 years ago
- Subject changed from pkg audit to Update ntpd
Updated by Jim Pingle almost 5 years ago
- Status changed from Feedback to Resolved
: pkg info -x ntp ntp-4.2.8p13_5 : pkg audit -F Fetching vuln.xml.bz2: 100% 826 KiB 846.3kB/s 00:01 0 problem(s) in 0 installed package(s) found.
Same output on 2.5.0 and 2.4.5.
Actions