From: Harlan Stenn Date: Wed, 21 Feb 2018 00:51:56 +0000 (+0000) Subject: Add CVEs for security bugs in p11 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=096971800168aee1c09ee015051b5eceda52b7ed;p=thirdparty%2Fntp.git Add CVEs for security bugs in p11 bk: 5a8cc2accc8C46R-Ne6nmZr2VdhlgA --- diff --git a/NEWS b/NEWS index 387732065..e4f5d8f8e 100644 --- a/NEWS +++ b/NEWS @@ -14,7 +14,7 @@ provides 65 other non-security fixes and improvements: * NTP Bug 3454: Unauthenticated packet can reset authenticated interleaved association (LOW/MED) Date Resolved: Stable (4.2.8p11) 27 Feb 2018 - References: Sec 3454 + References: Sec 3454 / CVE-2018-7185 Affects: ntp-4.2.6, up to but not including ntp-4.2.8p11. CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:N/I:N/A:P) This could score between 2.9 and 6.8. @@ -52,7 +52,7 @@ provides 65 other non-security fixes and improvements: * NTP Bug 3453: Interleaved symmetric mode cannot recover from bad state (LOW/MED) Date Resolved: Stable (4.2.8p11) 27 Feb 2018 - References: Sec 3453 + References: Sec 3453 / CVE-2018-7184 Affects: ntpd in ntp-4.2.8p4, up to but not including ntp-4.2.8p11. CVSS2: MED 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N) Could score between 2.9 and 6.8. @@ -82,7 +82,8 @@ provides 65 other non-security fixes and improvements: * NTP Bug 3415: Provide a way to prevent authenticated symmetric passive peering (LOW) Date Resolved: Stable (4.2.8p11) 27 Feb 2018 - References: Sec 3012 / CVE-2016-1549 / VU#718152 + References: Sec 3415 / CVE-2018-7170 + Sec 3012 / CVE-2016-1549 / VU#718152 Affects: All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11. CVSS2: LOW 3.5 - (AV:N/AC:M/Au:S/C:N/I:P/A:N) 
@@ -120,7 +121,7 @@ provides 65 other non-security fixes and improvements: * ntpq Bug 3414: decodearr() can write beyond its 'buf' limits (Medium) Date Resolved: 27 Feb 2018 - References: Sec 3414 + References: Sec 3414 / CVE-2018-7183 Affects: ntpq in ntp-4.2.8p6, up to but not including ntp-4.2.8p11. CVSS2: MED 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P) CVSS3: MED 5.0 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L @@ -144,7 +145,7 @@ provides 65 other non-security fixes and improvements: * NTP Bug 3412: ctl_getitem(): buffer read overrun leads to undefined behavior and information leak (Info/Medium) Date Resolved: 27 Feb 2018 - References: Sec 3412 + References: Sec 3412 / CVE-2018-7182 Affects: ntp-4.2.8p6, up to but not including ntp-4.2.8p11. CVSS2: INFO 0.0 - MED 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 0.0 if C:N CVSS3: NONE 0.0 - MED 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
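Review bot: In the Bug 3453 hunk (@@ -52,7 +52,7 @@), the unchanged CVSS2 context line scores this as "AV:N/AC:M/Au:N/C:P/I:N/A:N", a confidentiality impact with no availability impact, while the entry title is "Interleaved symmetric mode cannot recover from bad state", which reads as an availability problem. The Bug 3454 entry directly above uses C:N/A:P for a similar association-state issue. Now that CVE-2018-7184 is attached to this entry the vector will be copied into downstream advisories, so please confirm whether C:P/A:N is intended or whether the C and A metrics were swapped.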
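Review bot: In the Bug 3415 hunk (@@ -82,7 +82,8 @@), the unchanged Affects line no longer lines up with the two reference sets now listed above it. It still reads "All ntp-4 releases up to, but not including 4.2.8p7, and 4.3.0 up to, but not including 4.3.92. Resolved in 4.2.8p11.", so the stated range ends at 4.2.8p7 while the fix is in 4.2.8p11. With "Sec 3415 / CVE-2018-7170" added next to "Sec 3012 / CVE-2016-1549 / VU#718152", a reader cannot tell which releases each CVE covers. Suggest giving an Affects range per reference, or stating explicitly that the one range applies to both.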
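Review bot: Style point on the ntpq Bug 3414 hunk (@@ -120,7 +121,7 @@): the context line "Date Resolved: 27 Feb 2018" omits the release that the first three entries in this patch carry as "Date Resolved: Stable (4.2.8p11) 27 Feb 2018". The Bug 3412 entry in the last hunk has the same short form. Since these lines are being touched to add the CVE ids anyway, consider bringing both entries to the same format so all five p11 security entries name the fixed release on that line.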