+++ This bug was initially created as a clone of Bug #22850 +++ Fedora has issued an advisory on March 27: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/PAWSWGYT4BYAU6JMQXZOD22NFWPCVJQP/ The issues are fixed upstream in 4.2.8p11. We should also add the noepeer restriction to the default config if we haven't: https://src.fedoraproject.org/cgit/rpms/ntp.git/commit/?h=f27&id=ddca0198432d804162e603e987237163b628c587
Assigning to all packagers collectively, since there is no registered maintainer for this package. CC'ing three committers.
CC: (none) => guichard.adrien, guillomovitch, lists.jjorge, marja11Assignee: bugsquad => pkg-bugs
Summary: ntp new security issue CVE-2016-1549, CVE-2018-717[0,2-5] => ntp new security issue CVE-2016-1549, CVE-2018-7170, CVE-2018-718[2-5]
Ubuntu has issued an advisory for the latter of these issues on July 9: https://usn.ubuntu.com/3707-1/ We can borrow patches from Ubuntu 14.04.
Unless I'm mistaken, Mageia 5 is officialy EOLed: https://blog.mageia.org/en/2017/11/07/mageia-5-eol-postponed/ So, why waste time providing update for it ?
We're still providing limited support for it for a number of reasons, but you're under no obligation to help with that, so don't worry about it. I'll take care of this when I have time.
Fedora has issued an advisory on August 30: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/437XM4CMBCMPK7D2RSEUZIRLFZD5ZNRD/ It fixes one additional issue.
Summary: ntp new security issue CVE-2016-1549, CVE-2018-7170, CVE-2018-718[2-5] => ntp new security issues CVE-2016-1549, CVE-2018-7170, CVE-2018-718[2-5], CVE-2018-12327
The limited support Mga5 continued to have after its official EOL has ended, so closing this bug as OLD.
Resolution: (none) => OLDStatus: NEW => RESOLVED