Tue May 26 04:23:05 2009 UTC ()
Ticket 777.


(snj)
diff -r1.1.2.12 -r1.1.2.13 src/doc/CHANGES-5.0.1
cvs diff -r1.1.2.12 -r1.1.2.13 src/doc/Attic/CHANGES-5.0.1 (expand / switch to context diff)
--- src/doc/Attic/CHANGES-5.0.1 2009/05/18 21:39:23 1.1.2.12
+++ src/doc/Attic/CHANGES-5.0.1 2009/05/26 04:23:05 1.1.2.13
@@ -1,4 +1,4 @@
-# $NetBSD: CHANGES-5.0.1,v 1.1.2.12 2009/05/18 21:39:23 bouyer Exp $
+# $NetBSD: CHANGES-5.0.1,v 1.1.2.13 2009/05/26 04:23:05 snj Exp $
 
 A complete list of changes from the NetBSD 5.0 release to the NetBSD 5.0.1
 release:
@@ -127,4 +127,11 @@
 
 	Add "memory" clobber to mtpr for barrier.  See also kern/38637.
 	[mhitch, ticket #767]
+
+dist/ntp/ntpd/ntp_crypto.c			1.15
+
+	Fix CVE-2009-1252: Buffer overflow in ntpd crypto code. A remote
+	attacker can send a specially constructed request packet that
+	would overflow the sprintf()'ed buffer causing ntpd to crash.
+	[dholland, ticket #777]