From: Harlan Stenn <stenn@ntp.org>
Date: Sat, 28 Jul 2018 05:03:57 +0000 (+0000)
Subject: 3505 description updates
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1ceb649cf092116ff396c0189727b8ac21743445;p=thirdparty%2Fntp.git

3505 description updates

bk: 5b5bf93dr76_7Cx6avWfI_RPgaX57Q
---

diff --git a/ChangeLog b/ChangeLog
index 302402236..7572d1ec9 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,7 +1,8 @@
 ---
 
 * [Sec 3505] CVE-2018-12327 - Arbitrary Code Execution Vulnerability
-  - fixed stack buffer overflow in NTPQ/NTPDC <perlinger@ntp.org>
+  - fixed stack buffer overflow in the openhost() command-line call
+    of NTPQ/NTPDC <perlinger@ntp.org>
 * [Sec 3012] noepeer tweaks.  <stenn@ntp.org>
 * [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,
              other TrustedBSD platforms
diff --git a/NEWS b/NEWS
index d3ac2e6db..99d37683b 100644
--- a/NEWS
+++ b/NEWS
@@ -11,9 +11,9 @@ This release fixes a "hole" in the noepeer capability introduced to ntpd
 in ntp-4.2.8p11, and a buffer overflow in the openhost() function used by
 ntpq and ntpdc.  It also provides 26 other bugfixes, and 4 other improvements:
 
-* [Sec 3505]
+* [Sec 3505] Buffer overflow in the openhost() call of ntpq and ntpdc.
 
-* [Sec 3012] 
+* [Sec 3012] Fix a hole in the new "noepeer" processing.
 
 * Bug Fixes:
  [Bug 3509] Add support for running as non-root on FreeBSD, Darwin,