From: Harlan Stenn Date: Wed, 1 Mar 2017 09:48:06 +0000 (+0000) Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p10 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f674839704dc7110a212eea2104a3d092ed73ec7;p=thirdparty%2Fntp.git Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p10 into psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable-3376 bk: 58b698d6WN50azq4CE_UQzxWurE0iQ --- f674839704dc7110a212eea2104a3d092ed73ec7 diff --cc ChangeLog index a7aefe82d,8832557b4..aef57d7f7 --- a/ChangeLog +++ b/ChangeLog @@@ -1,7 -1,29 +1,30 @@@ --- (4.2.8p10) + * [Sec 3393] clang scan-build findings + * [Sec 3389] NTP-01-016: Denial of Service via Malformed Config + (Pentest report 01.2017) + * [Sec 3388] NTP-01-014: Buffer Overflow in DPTS Clock + (Pentest report 01.2017) + * [Sec 3387] NTP-01-012: Authenticated DoS via Malicious Config Option + (Pentest report 01.2017) + * [Sec 3386] NTP-01-011: ntpq_stripquotes() returns incorrect Value + (Pentest report 01.2017) + * [Sec 3385] NTP-01-010: ereallocarray()/eallocarray() underused. HStenn + * [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line + (Pentest report 01.2017) + * [Sec 3382] NTP-01-007: Data Structure terminated insufficiently + (Pentest report 01.2017) + * [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver + (Pentest report 01.2017) + * [Sec 3379] NTP-01-004: Potential Overflows in ctl_put() functions + (Pentest report 01.2017) + * [Sec 3378] NTP-01-003: Improper use of snprintf() in mx4200_send() + (Pentest report 01.2017) + * [Sec 3377] NTP-01-002: Buffer Overflow in ntpq when fetching reslist + (Pentest report 01.2017) . * [Bug 3356] Bugfix 3072 breaks multicastclient