oss-sec mailing list archives

Re: Duplicate CVE: CVE-2015-7703 in NTP


From: Brad Knowles <brad () shub-internet org>
Date: Fri, 23 Oct 2015 17:30:23 -0500

On Oct 23, 2015, at 4:53 PM, Florian Weimer <fweimer () redhat com> wrote:

> This is not the case.  <security () ntp org> was notified on 2015-08-20.
> As the flaws were of low impact and there was no reaction, we disclosed
> the issues here:
>
>  <http://openwall.com/lists/oss-security/2015/08/25/3>

And I followed that up by taking your post from this list and forwarding that to security () ntp org on Tue Aug 25 15:42:13 UTC 2015.

If anyone has any security issues with NTP and you would like to discuss things with us privately, our current daily-use operational key is:

sec   3072R/0066B2FD 2015-08-12 [expires: 2017-08-11]
      Key fingerprint = 0E21 6278 E81F 12C9 DD2A  AEF5 AE63 639D 0066 B2FD
uid                  NTP.org Security Team (2015 Daily Use Operational Key) <security () ntp org>
ssb   3072R/C17304B1 2015-08-12

> I don't know what else we can do to avoid duplicates.

Good question.  Sometimes, you only discover after-the-fact that your XXX is someone else’s YYY, and so you have to be prepared to deal with the occasional collision.

--
Brad Knowles <brad () shub-internet org>
LinkedIn Profile: <http://tinyurl.com/y8kpxu>

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

