Comment 4 for bug 217699

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package ntp - 1:4.2.4p6+dfsg-1ubuntu1

---------------
ntp (1:4.2.4p6+dfsg-1ubuntu1) karmic; urgency=low

  * Merge from Debian unstable, remaining changes:
    - debian/ntp.conf, debian/ntpdate.default: Change default server to
      ntp.ubuntu.com.
    - debian/ntpdate.ifup: Stop ntp before running ntpdate when an interface
      comes up, then start again afterwards
    - debian/ntp.init, debian/rules: Only stop when entering single user mode.
    - debian/man/ntpdate.8 - fix debian shipped manpage; patch by
      Josh Holland <email address hidden>
  * Dropped changes, merged in Debian:
    - Build against libcap2 instead of libcap1, fixing a kernel warning
      about using an old interface.
  * Dropped changes, superseded upstream/in Debian:
    - debian/patches/CVE-2009-0021.patch: update ntpd/ntp_crypto.c to properly
      check the return code of EVP_VerifyFinal()
    - debian/patches/ipv6-gnu-source.patch: Define _GNU_SOURCE to make IPv6
      work.
  * Fixes LP: #217699

ntp (1:4.2.4p6+dfsg-1) unstable; urgency=low

  * New upstream release
    - Updated ntpdate-ipv6.patch, autotools.patch
    - Obsoletes no-ipv6-fix.patch, CVE-2009-0021.patch
  * Switched build dependency from libcap-dev to libcap2-dev (closes: #474639)
  * Added -D_GNU_SOURCE to CPPFLAGS, to support glibc 2.8 (closes: #507806)
  * Recognize "adjust" in ntpdate logcheck rules (closes: #493907)
  * Removed "dynamic" key word from default ntp.conf, because this is now
    obsolete and the default

ntp (1:4.2.4p4+dfsg-8) unstable; urgency=low

  * It did not properly check the return value of EVP_VerifyFinal
    which results in an malformed DSA signature being treated as
    a good signature rather than as an error. (CVE-2009-0021)

 -- Steve Langasek <email address hidden> Wed, 29 Apr 2009 06:08:19 +0000