ntpsec security fixes for bionic & cosmic
Bug #1812458 reported by
Richard Laager
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ntpsec (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bionic |
Fix Released
|
Undecided
|
Unassigned | ||
Cosmic |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
NTPsec < 1.1.3 has the following CVEs:
https:/
https:/
https:/
https:/
I am the maintainer of ntpsec in Debian. Debian has 1.1.3.
Ubuntu needs the following:
- cosmic needs the patches backported.
- bionic needs the patches backported.
I'm happy to do the work.
BTW, these issues may impact the ntp package too, but I'm not sure that anyone (the original report, ntp upstream, or ntp in Debian) has evaluated that.
information type: | Private Security → Public |
Changed in ntpsec (Ubuntu): | |
assignee: | nobody → Richard Laager (rlaager) |
status: | New → Confirmed |
summary: |
- ntpsec CVE-2019-6442 CVE-2019-6443 CVE-2019-6444 CVE-2019-6445 + Sync ntpsec 1.1.3+dfsg1-1 (universe) from Debian sid (main) |
description: | updated |
Changed in ntpsec (Ubuntu Cosmic): | |
status: | New → Confirmed |
Changed in ntpsec (Ubuntu Bionic): | |
status: | New → Confirmed |
To post a comment you must log in.
I've attached debdiffs for Bionic and Cosmic. This involved adding the three patches from upstream and running `quilt refresh` on each to get rid of the offset/fuzz.
I successfully built this in a PPA: https:/ /launchpad. net/~rlaager/ +archive/ ubuntu/ ntpsec/ +packages
I installed the Bionic version from that PPA and it works.