Re: [LIH] Re: (fwd) [SECURITY] [DSA 045-1] ntp remote root exploit fixed



On Fri, Apr 06, 2001 at 04:39:52PM +0530, did Mithun Bhattacharya write:
> What exactly is Debian up to ??
> http://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/
> says ntp-4.0.99k.tar.gz was released on 20th July. I think I downloaded
> the RPM sometime in December. This is way too paranoid.
> ntp-4.0.99g.tar.gz was released on 27th Feb !!

Debian is patching the version of NTP that they packaged for their latest
/stable/ version (i.e. 2.2, a.k.a. potato) to prevent the root exploit.  They
did not simply package the newer upstream version because they (the newer
versions) have not undergone sufficient testing.  Under these
circumstances, I think it is very admirable for Debian to distribute
patched versions for their last stable version.

Thaths
PS: I do not speak for my favorite distribution ;-)
-- 
pub  1024R/9B7FE6BD 1998-03-25 Sudhakar Chandrasekharan <thaths@xxxxxxxxx>
Key fingerprint = 8A 84 2E 67 10 9A 64 03  24 38 B6 AB 1B 6E 8C E4
uid                            Sudhakar Chandrasekharan <thaths@xxxxxxxxxxxx>