From: Harlan Stenn <stenn@ntp.org>
Date: Wed, 13 Jan 2016 09:08:06 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=23a3d2ede418754aa0bf9fd705b8adbe113bcb65;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p6
into  psp-deb1.ntp.org:/home/perlinger/ntp-stable-2945

bk: 569613f6X2DDI5Xky4vjOHOue7jDFw
---

23a3d2ede418754aa0bf9fd705b8adbe113bcb65
diff --cc ChangeLog
index 731fa701e,08030bbfe..c0aa1db4a
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,13 -1,6 +1,14 @@@
  ---
  
 +* [Sec 2935] Deja Vu: Replay attack on authenticated broadcast mode. HStenn.
 +* [Sec 2937] ntpq: nextvar() missing length check. perlinger@ntp.org
 +* [Sec 2938] ntpq saveconfig command allows dangerous characters
 +  in filenames. perlinger@ntp.org
 +* [Sec 2939] reslist NULL pointer dereference.  perlinger@ntp.org
 +* [Sec 2940] Stack exhaustion in recursive traversal of restriction
 +  list. perlinger@ntp.org
+ * [Sec 2945] Zero Origin Timestamp Bypass. perlinger@ntp.org
 +* Make leapsec_query debug messages less verbose.  Harlan Stenn.
  
  ---
  (4.2.8p5) 2016/01/07 Released by Harlan Stenn <stenn@ntp.org>
@@@ -66,9 -59,8 +67,8 @@@
  * Quiet a warning from clang.  Harlan Stenn.
  * Update the NEWS file.  Harlan Stenn.
  * Update scripts/calc_tickadj/Makefile.am.  Harlan Stenn.
 +
  ---
- (4.2.8p4-RC1) 2015/10/06 Released by Harlan Stenn <stenn@ntp.org>
 -(4.2.8p4) 2015/10/21 Released by Harlan Stenn <stenn@ntp.org>
  
  * [Sec 2899] CVE-2014-9297  perlinger@ntp.org
  * [Sec 2901] Drop invalid packet before checking KoD. Check for all KoD's.