From f74a9c5dcde24f1e1efea8d0e1748b7275cf2f3d Mon Sep 17 00:00:00 2001
From: Miroslav Lichvar <mlichvar@redhat.com>
Date: Aug 25 2015 09:52:41 +0000
Subject: 4.2.6p5-33


---

diff --git a/ntp.spec b/ntp.spec
index 9c4d03a..355fd8a 100644
--- a/ntp.spec
+++ b/ntp.spec
@@ -3,7 +3,7 @@
 Summary: The NTP daemon and utilities
 Name: ntp
 Version: 4.2.6p5
-Release: 32%{?dist}
+Release: 33%{?dist}
 # primary license (COPYRIGHT) : MIT
 # ElectricFence/ (not used) : GPLv2
 # kernel/sys/ppsclock.h (not used) : BSD with advertising
@@ -500,6 +500,13 @@ popd
 %{ntpdocdir}/html
 
 %changelog
+* Tue Aug 25 2015 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-33
+- ignore :config commands with invalid characters (CVE-2015-5146)
+- fix crash with invalid logconfig command (CVE-2015-5194)
+- fix crash when referencing disabled statistic type (CVE-2015-5195)
+- don't allow setting driftfile and pidfile remotely (CVE-2015-5196)
+- don't hang in sntp with crafted reply (CVE-2015-5219)
+
 * Wed Jul 22 2015 Miroslav Lichvar <mlichvar@redhat.com> 4.2.6p5-32
 - fix resetting of leap status
 - log when stepping clock for leap second or ignoring it with -x