-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Mon, 1 Feb 2010 12:40:11 +0000
Source: chrony
Binary: chrony
Architecture: source amd64
Version: 1.21z-5+etch1
Distribution: oldstable-security
Urgency: high
Maintainer: John Hasler <jhasler@debian.org>
Changed-By: Nico Golde <nion@debian.org>
Description:
chrony - Sets your computer's clock from time servers on the Net
Changes:
chrony (1.21z-5+etch1) oldstable-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* This update addresses the following security issues:
- CVE-2010-0292: chronyd replies to all cmdmon packets from unauthorized
hosts with.
- CVE-2010-0293: missing memory limit for to keep client information which
can lead to memory exhaustion through clients with spoofed IPs
- CVE-2010-0294: missing syslog limit could lead to filling up the disc
by triggering various log events in a loop.
Files:
41c78c176d00f2034298f0f91d9dcc7e 629 admin extra chrony_1.21z-5+etch1.dsc
84f76a73dff5a3c9e9f11f3c29a4e93b 310709 admin extra chrony_1.21z.orig.tar.gz
aef816a20684f142795441c9d0c2c39a 157657 admin extra chrony_1.21z-5+etch1.diff.gz
d87cea1f14f0834d91540f6125f53de9 337452 admin extra chrony_1.21z-5+etch1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAktmzYAACgkQHYflSXNkfP+z+ACgrcFdIgfFsrO2bRdoStz/72X/
+fsAn1qvF5crgnnLg0rKiWo/5yZqflr7
=rmYP
-----END PGP SIGNATURE-----
Accepted:
chrony_1.21z-5+etch1.diff.gz
to main/c/chrony/chrony_1.21z-5+etch1.diff.gz
chrony_1.21z-5+etch1.dsc
to main/c/chrony/chrony_1.21z-5+etch1.dsc
chrony_1.21z-5+etch1_amd64.deb
to main/c/chrony/chrony_1.21z-5+etch1_amd64.deb
