On Sat, Feb 13, 2016 at 03:55:31PM +0000, Damyan Ivanov wrote:
> -=| Kurt Roeckx, 13.02.2016 11:49:24 +0100 |=-
> > On Sat, Feb 13, 2016 at 10:06:23AM +0000, Damyan Ivanov wrote:
> > > Hello dear maintainer(s),
> > >
> > > The Debian LTS team would like to fix the security issues which are
> > > currently open in the Squeeze version of ntp:
> > > https://security-tracker.debian.org/tracker/source-package/ntp
> >
> > I was under the impression that squeeze LTS support ended?
>
> Ends on 29 February. See
> https://lists.debian.org/debian-announce/2016/msg00002.html
>
> > > Note that all of the squeeze-relevant issues are still open in the
> > > "newer" Debian releases (wheezy through sid).
> >
> > I'm waiting for upstream to actually fix things. I estimate it's
> > going to take 2 months.
>
> When this happens, do you plan to do a wheezy-lts upload too? (wheezy
> will gain LTS support in March).

Yes.

> BTW CVE-2016-0727 seems to me to be Debian-specific, since the cron
> job is part of debian/. In case you missed it, there is a patch for it
> at
> http://www.halfdog.net/Security/2015/NtpCronjobUserNtpToRootPrivilegeEscalation/

Nobody seems to have informed me about this ... At first look
this also doesn't seem that important.

Kurt