[src/trunk]: src/doc Latest ntp is 4.2.8p3 which contains security fix (low r...

[taca <taca%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/38f490d78d78
branches:  trunk
changeset: 339282:38f490d78d78
user:      taca <taca%NetBSD.org@localhost>
date:      Thu Jul 09 15:58:51 2015 +0000

description:
Latest ntp is 4.2.8p3 which contains security fix (low risk).

Security Fix:

* [Sec 2853] Crafted remote config packet can crash some versions of
  ntpd.  Aleksis Kauppinen, Juergen Perlinger, Harlan Stenn.

Under specific circumstances an attacker can send a crafted packet to
cause a vulnerable ntpd instance to crash. This requires each of the
following to be true:

1) ntpd set up to allow remote configuration (not allowed by default), and
2) knowledge of the configuration password, and
3) access to a computer entrusted to perform remote configuration.

This vulnerability is considered low-risk.

diffstat:

 doc/3RDPARTY |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (18 lines):

diff -r 4ca6df7ce2d3 -r 38f490d78d78 doc/3RDPARTY
--- a/doc/3RDPARTY      Thu Jul 09 14:50:08 2015 +0000
+++ b/doc/3RDPARTY      Thu Jul 09 15:58:51 2015 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: 3RDPARTY,v 1.1234 2015/07/09 14:32:24 christos Exp $
+#      $NetBSD: 3RDPARTY,v 1.1235 2015/07/09 15:58:51 taca Exp $
 #
 # This file contains a list of the software that has been integrated into
 # NetBSD where we are not the primary maintainer.
@@ -922,7 +922,7 @@
 
 Package:       ntp
 Version:       4.2.8p2
-Current Vers:  4.2.8p2
+Current Vers:  4.2.8p3
 Maintainer:    David L. Mills <mills%udel.edu@localhost>
 Archive Site:  http://www.ntp.org/
 Home Page:     http://www.ntp.org/, http://support.ntp.org/