From: Harlan Stenn <stenn@ntp.org>
Date: Mon, 5 Oct 2015 11:05:50 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/home/perlinger/ntp-stable-2902
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6ad79f243b245baff9683f33ba79f5d75d0202c2;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/home/perlinger/ntp-stable-2902
into  psp-deb1.ntp.org:/home/stenn/ntp-stable-sec

bk: 5612598eg_AqXLrQ05MHtwVJ48_qaw
---

6ad79f243b245baff9683f33ba79f5d75d0202c2
diff --cc ChangeLog
index a98128add,bc636294b..49036a540
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,5 -1,6 +1,7 @@@
  ---
 +* [Sec 2899] CVE-2014-9297  perlinger@ntp.org
+ * [Sec 2902] configuration directives "pidfile" and "driftfile"
+   should be local-only. perlinger@ntp.org (patch by Miroslav Lichvar)
  * [Bug 2332] (reopened) Exercise thread cancellation once before dropping
    privileges and limiting resources in NTPD removes the need to link
    forcefully against 'libgcc_s' which does not always work. J.Perlinger