On Wed, Apr 04, 2001 at 11:14:31PM -0500, Bud Rogers wrote: > On Wednesday 04 April 2001 22:24, Noah L. Meyerhans wrote: > > It would appear that every supported Debian version is currently > > vulnerable... Note that I've not tested this myself, but our version of > > ntp is definitely supposed to be vulnerable. > > And unfortunately, 4.0.99k seems to be the latest version available unless > you go to CVS.
Yes. The fix has been made in the FreeBSD CVS repository. I'm going to see about integrating it with our sources now. If I get a safe copy built I'll make a signed .deb available. I'm not a member of the official Debian security team, though, so you shouldn't necessarily trust me... noah -- _______________________________________________________ | Web: http://web.morgul.net/~frodo/ | PGP Public Key: http://web.morgul.net/~frodo/mail.html
pgpJaJXdeqZ9M.pgp
Description: PGP signature
