4.2.4p7

bk: 4a110af33PbNdF-3yH9xGdzJCBaK6g

diff --git a/NEWS b/NEWS
index 2acbe4f5fb44e2b32db6e7007135c37910e4ad68..bbd4939bae7b44b740c9d2b9dc8ceaa7b5eeef8c 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -1,3 +1,41 @@
+NTP 4.2.4p7 (Harlan Stenn <stenn@ntp.org>, 2009/05/04)
+
+Focus: Security and Bug Fixes
+
+Severity: HIGH
+
+This release fixes the following high-severity vulnerability:
+
+* [Sec 1151] Remote exploit if autokey is enabled.  CVE-2009-1252
+
+  See http://support.ntp.org/security for more information.
+
+  If autokey is enabled (if ntp.conf contains a "crypto pw whatever"
+  line) then a carefully crafted packet sent to the machine will cause
+  a buffer overflow and possible execution of injected code, running
+  with the privileges of the ntpd process (often root).
+
+  Credit for finding this vulnerability goes to Chris Ries of CMU.
+
+This release fixes the following low-severity vulnerabilities:
+
+* [Sec 1144] limited (two byte) buffer overflow in ntpq.  CVE-2009-0159
+  Credit for finding this vulnerability goes to Geoff Keating of Apple.
+  
+* [Sec 1149] use SO_EXCLUSIVEADDRUSE on Windows
+  Credit for finding this issue goes to Dave Hart.
+
+This release fixes a number of bugs and adds some improvements:
+
+* Improved logging
+* Fix many compiler warnings
+* Many fixes and improvements for Windows
+* Adds support for AIX 6.1
+* Resolves some issues under MacOS X and Solaris
+
+THIS IS A STRONGLY RECOMMENDED UPGRADE.
+
+---
 NTP 4.2.4p6 (Harlan Stenn <stenn@ntp.org>, 2009/01/07)
 
 Focus: Security Fix

diff --git a/packageinfo.sh b/packageinfo.sh
index 53346ce29d084b72af0bed0ec61a792cb6acb3c9..c980b2902446df665e1bc5f2c4629e61d6b9c5b5 100644 (file)
--- a/packageinfo.sh
+++ b/packageinfo.sh
@@ -27,5 +27,5 @@ CLTAG=NTP_4_2_0
 # - - rcpoint gets set to 0
 # - - releasecandidate gets set to no
 # - GRONK is for -dev
-rcpoint=7
+rcpoint=GO
 #rcpoint=GRONK