-=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=- > On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote: > > Hello dear maintainer(s), > > > > The Debian LTS team would like to fix the security issues which are > > currently open in the Squeeze version of ntp: > > https://security-tracker.debian.org/tracker/source-package/ntp > > I was under the impression that squeeze LTS support ended?
Ends on 29 February. See https://lists.debian.org/debian-announce/2016/msg00002.html > > Note that all of the squeeze-relevant issues are still open in the > > "newer" Debian releases (wheezy through sid). > > I'm waiting for upstream to actually fix things. I estimate it's > going to take 2 months. When this happens, do you plan to do a wheezy-lts upload too? (wheeszy will gain LTS support in March). BTW CVE-2016-0727 seems to me to be Debian-specific, since the cron job is part of debian/. In case you missed it, there is a patch for it at http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/ > They're all not that important. Cheers, dam
signature.asc
Description: Digital signature
