Debian Package Tracker

From: Bernhard Schmidt <berni@debian.org>
To: <debian-devel-changes@lists.debian.org>
Subject: Accepted ntp 1:4.2.8p11+dfsg-1 (source) into unstable
Date: Sun, 25 Mar 2018 22:51:50 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 25 Mar 2018 23:52:51 +0200
Source: ntp
Binary: ntp ntpdate ntp-doc sntp
Architecture: source
Version: 1:4.2.8p11+dfsg-1
Distribution: unstable
Urgency: medium
Maintainer: Debian NTP Team <pkg-ntp-maintainers@lists.alioth.debian.org>
Changed-By: Bernhard Schmidt <berni@debian.org>
Description:
 ntp        - Network Time Protocol daemon and utility programs
 ntp-doc    - Network Time Protocol documentation
 ntpdate    - client for setting system time from NTP servers (deprecated)
 sntp       - Network Time Protocol - sntp client
Closes: 851096 883022 889488
Changes:
 ntp (1:4.2.8p11+dfsg-1) unstable; urgency=medium
 .
   * New upstream version 4.2.8p11+dfsg (Closes: #851096)
     - Refresh patches
     - Drop ntpd-increase-stack-size included upstream
     - CVE-2018-7185: Unauthenticated packet can reset authenticated
       interleaved association (LOW/MED)
     - CVE-2018-7184: Interleaved symmetric mode cannot recover from bad state
       (LOW/MED)
     - CVE-2018-7170 / CVE-2016-1549: Provide a way to prevent authenticated
       symmetric passive peering (LOW)
     - CVE-2018-7183: decodearr() can write beyond its 'buf' limits (Medium)
     - CVE-2018-7182: ctl_getitem(): buffer read overrun leads to undefined
       behavior and information leak (Info/Medium)
     - CVE-2016-1549: Sybil vulnerability: ephemeral association attack
       (mitigated in 4.2.8p7)
   * convert dfsg.sh into mk-origtargz script
   * Run wrap-and-sort
   * Sync AppArmor profile changes from Ubuntu, including a fix for a
     harmless AppArmor denial in /usr/local (Closes: #883022)
   * Don't chown in postinst recursively.
     Thanks to Daniel Kahn Gillmor (Closes: #889488)
   * Build sntp against system libevent
   * Drop versioned build-deps already fulfilled by oldoldstable
Checksums-Sha1:
 8b9e35430f04c08a67aec8aa81d37023bcc58303 2334 ntp_4.2.8p11+dfsg-1.dsc
 9e7794f51236272c803dbd6e66017e911d8954ff 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
 9dc0a12c9e764233dbe97a67f450a58e28341fa0 47764 ntp_4.2.8p11+dfsg-1.debian.tar.xz
 7c529d468ce56fa696343e6c9654915e7bec50f2 7983 ntp_4.2.8p11+dfsg-1_amd64.buildinfo
Checksums-Sha256:
 80136dcb1a96b13a5bcdeeb2901bfa695876f87e9d7a2d47040446d3e17860dc 2334 ntp_4.2.8p11+dfsg-1.dsc
 ff11ac6a6c903698b303304af863582bc91ad68c456caec7ff8ef1c1ef9ca13b 4342464 ntp_4.2.8p11+dfsg.orig.tar.xz
 a83cad73a18b9dac7f07ff5419005bb5f8b125e6c8533fb8b6cb1efa9e0ca8ee 47764 ntp_4.2.8p11+dfsg-1.debian.tar.xz
 92b37d7403c3e82bc0806f0703c382efe820de33064e972fde6a262890e06f2e 7983 ntp_4.2.8p11+dfsg-1_amd64.buildinfo
Files:
 a479d36bf15bc1181fd1b6034e21eeaa 2334 net optional ntp_4.2.8p11+dfsg-1.dsc
 1fe80a1c34ec75a831c75083bc9e40ff 4342464 net optional ntp_4.2.8p11+dfsg.orig.tar.xz
 9844966abf63f515f772cb89fd8c60a7 47764 net optional ntp_4.2.8p11+dfsg-1.debian.tar.xz
 8b8d792b0820e37184c9b57f3510c32d 7983 net optional ntp_4.2.8p11+dfsg-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQJFBAEBCgAvFiEE1uAexRal3873GVbTd1B55bhQvJMFAlq4IAgRHGJlcm5pQGRl
Ymlhbi5vcmcACgkQd1B55bhQvJPiXBAAnQ3Q1owq1CdkHayQgutssDZIKFgnVir3
jPTFrH9pWvyzb6GI2Ufyg705tdITK5cqVI7NkROfLtZVYb2qhxYsppBlI9CyXV7S
vI1b8TQe3UafYzxcReNs0QzMZWtUNkhazA6Howt8aWANcrm+PDbQH3S7T3eI0Gr9
Vuyg4ERe0R19G+99X+YqaBueEPev3QYa3qFpT4AM3qrnu2BumZfssjzifbasGF4p
HksLaj56xakn/a4vwdeqsY0w7Gl+fH1NZcCQVb1DGlqA4h993paWf5tp8drTPLLn
xEflHNbh7GgxNehD28OovsZ8TwOvUthpSJvGUF0iiedCf1K/ZTvM8g1Osdfh2Web
lkSRPTupYD6Xjtpst++AnFki4ddXMGbYhL7bgHKWJVpNXqMd/Jp2Qdv1wCao4l4H
9S12134ebYJ86VkDpiWOE5H99nbjEge5pn49ZjbZqe49mfT714kuNmlsh+s55mWy
9QR+WywDecIbuJ1ZI7m6eLhaZSoBC+l0J8F0Dt9SUSRcYrHrFLSJg9toEaddh5M5
QoJoxRR6uHUeE5wpnPIpu3NphjPEp+TbpcBWVL9SB4E1Zq8bEJqeaRy6O4PVzt6j
2QVgwd2s3LyokCAjVP8lGqLCPYMce63C4jzjPLfzT7NQMbNDK1ns+wQsDixdpUof
GhYi2kdQ12A=
=mHxi
-----END PGP SIGNATURE-----
News for package ntp
