From: Harlan Stenn <stenn@ntp.org>
Date: Wed, 1 Mar 2017 07:36:07 +0000 (+0000)
Subject: Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p10
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f758c46b0c87c7d4bd250ac2841cfeb76b432ba4;p=thirdparty%2Fntp.git

Merge psp-deb1.ntp.org:/home/stenn/ntp-stable-p10
into  psp-deb1.ntp.org:/net/nfs1/nfs/home/stenn/ntp-stable-3385

bk: 58b679e7zlnY-7MoC8exjFLFw9HRnA
---

f758c46b0c87c7d4bd250ac2841cfeb76b432ba4
diff --cc ChangeLog
index 53ebd1835,aa666199b..2771c7443
--- a/ChangeLog
+++ b/ChangeLog
@@@ -1,7 -1,19 +1,20 @@@
  ---
  (4.2.8p10)
  
 +* [Sec 3385] NTP-01-010 NTP: ereallocarray()/eallocarray() underused. HStenn
+ * [Sec 3383] NTP-01-008: Stack Buffer Overflow from Command Line
+   (Pentest report 01.2017) <perlinger@ntp.org>
+ * [Sec 3382] NTP-01-007: Data Structure terminated insufficiently
+   (Pentest report 01.2017) <perlinger@ntp.org>
+ * [Sec 3380] NTP-01-005: Off-by-one in Oncore GPS Receiver
+   (Pentest report 01.2017) <perlinger@ntp.org>
+ * [Sec 3379] NTP-01-004 Potential Overflows in ctl_put() functions
+   (Pentest report 01.2017) <perlinger@ntp.org>
+ * [Sec 3378] NTP-01-003 Improper use of snprintf() in mx4200_send()
+   (Pentest report 01.2017) <perlinger@ntp.org>
+ * [Sec 3377] NTP-01-002 Buffer Overflow in ntpq when fetching reslist
+   (Pentest report 01.2017) <perlinger@ntp.org
+ * [Sec 3361] 0rigin (zero origin) DoS.  HStenn.
  * [Bug 3363] Support for openssl-1.1.0 without compatibility modes
    - rework of patch set from <ntp.org@eroen.eu>. <perlinger@ntp.org>
  * [Bug 3356] Bugfix 3072 breaks multicastclient <perlinger@ntp.org>