Date: Thu, 04 Sep 2014 05:27:18 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 193303] [SECURITY]: net/ntp: Current port version (4.2.6p5_3) is vulnerable. Requesting update (or merge from net/ntp-devel) Message-ID: <bug-193303-13-yxPct0D1RL@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-193303-13@https.bugs.freebsd.org/bugzilla/> References: <bug-193303-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=193303 Kubilay Kocak <koobs@FreeBSD.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|--- |Normal Status|Needs Triage |Open CC| |koobs@FreeBSD.org Assignee|freebsd-ports-bugs@FreeBSD. |cy@FreeBSD.org |org | Summary|NTP needs to be updated as |[SECURITY]: net/ntp: |a matter of urgency |Current port version | |(4.2.6p5_3) is vulnerable. | |Requesting update (or merge | |from net/ntp-devel) --- Comment #1 from Kubilay Kocak <koobs@FreeBSD.org> --- Thanks for your report Dave. The net/ntp port is currently marked FORBIDDEN, with a reference to the CVE (CVE-2013-5211) you referenced. The net/ntp-devel port has version 4.2.7p470 which is not vulnerable. I'm not sure if you knew this or not. Until such time as the net/ntp port is updated, I would recommend upgrading (replacing) net/ntp with net/ntp-devel. Assigning to maintainer. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-193303-13-yxPct0D1RL>