There is no fixed version for Debian:11 rpm .

ntp vulnerabilities

Known vulnerabilities in the ntp package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability	Vulnerable Version
L Out-of-bounds Write	*
L Out-of-bounds Write	*
L Out-of-bounds Write	*
L Out-of-bounds Write	*
L Out-of-bounds Write	*
L Memory Leak	<1:4.2.8p15-1
L Improper Input Validation	<1:4.2.8p14+dfsg-1
L Improper Input Validation	<1:4.2.8p14+dfsg-1
H Resource Exhaustion	<1:4.2.8p14+dfsg-1
M Information Exposure	<1:4.2.8p3+dfsg-1
H NULL Pointer Dereference	<1:4.2.8p12+dfsg-4
M Directory Traversal	<1:4.2.8p4+dfsg-1
L Out-of-bounds Write	*
M Improper Input Validation	<1:4.2.8p10+dfsg-1
L Out-of-bounds Write	<1:4.2.8p11+dfsg-1
L CVE-2018-7185	<1:4.2.8p11+dfsg-1
M CVE-2018-7170	<1:4.2.8p11+dfsg-1
H Out-of-bounds Read	<1:4.2.8p11+dfsg-1
L CVE-2018-7184	<1:4.2.8p11+dfsg-1
M Improper Input Validation	<1:4.2.8p3+dfsg-1
H Insufficient Entropy	<1:4.2.6.p5+dfsg-7
M Loop with Unreachable Exit Condition ('Infinite Loop')	<1:4.2.8p4+dfsg-1
H Improper Input Validation	<1:4.2.8p4+dfsg-3
C Improper Authentication	<1:4.2.8p4+dfsg-1
H Missing Release of Resource after Effective Lifetime	<1:4.2.8p4+dfsg-1
C Buffer Overflow	<1:4.2.8p4+dfsg-1
M Improper Input Validation	<1:4.2.8p4+dfsg-1
H Buffer Overflow	<1:4.2.8p4+dfsg-1
H Improper Input Validation	<1:4.2.8p4+dfsg-1
M Improper Input Validation	<1:4.2.8p4+dfsg-1
H Use After Free	<1:4.2.8p4+dfsg-1
C Improper Input Validation	<1:4.2.8p4+dfsg-3
H Improper Input Validation	<1:4.2.8p4+dfsg-1
M Improper Input Validation	<1:4.2.8p4+dfsg-1
H Improper Input Validation	<1:4.2.8p4+dfsg-1
L Improper Input Validation	<1:4.2.8p3+dfsg-1
L Improper Input Validation	<1:4.2.8p3+dfsg-1
H Time and State	<1:4.2.8p4+dfsg-2
L Incorrect Type Conversion or Cast	<1:4.2.8p3+dfsg-1
L Access Restriction Bypass	<1:4.2.8p9+dfsg-2
L Out-of-Bounds	<1:4.2.8p10+dfsg-1
L Improper Input Validation	<1:4.2.8p10+dfsg-1
L Out-of-Bounds	<1:4.2.8p10+dfsg-1
H Out-of-Bounds	<1:4.2.8p10+dfsg-1
M Improper Input Validation	<1:4.2.8p10+dfsg-1
M Out-of-bounds Read	<1:4.2.8p7+dfsg-1
M Improper Access Control	<1:4.2.8p7+dfsg-1
M Improper Input Validation	<1:4.2.8p7+dfsg-1
L Security Features	<1:4.2.8p7+dfsg-1
H Improper Data Handling	<1:4.2.8p7+dfsg-1
L Security Features	<1:4.2.8p7+dfsg-1
M Improper Access Control	<1:4.2.8p7+dfsg-1
L Improper Input Validation	<1:4.2.8p7+dfsg-1
M Out-of-Bounds	<1:4.2.8p7+dfsg-1
M Improper Input Validation	<1:4.2.8p7+dfsg-1
H Resource Exhaustion	<1:4.2.8p7+dfsg-1
M NULL Pointer Dereference	<1:4.2.8p7+dfsg-1
M CVE-2015-8158	<1:4.2.8p7+dfsg-1
M Out-of-Bounds	<1:4.2.8p7+dfsg-1
H Resource Exhaustion	<1:4.2.8p9+dfsg-1
L Source Code	<1:4.2.8p9+dfsg-1
M NULL Pointer Dereference	<1:4.2.8p9+dfsg-1
M Resource Exhaustion	<1:4.2.8p9+dfsg-1
M Incorrect Calculation	<1:4.2.8p9+dfsg-1
M Improper Input Validation	<1:4.2.8p9+dfsg-1
H Improper Input Validation	<1:4.2.8p9+dfsg-1
M Resource Exhaustion	<1:4.2.8p9+dfsg-1
M Resource Exhaustion	<1:4.2.8p9+dfsg-1
H Integer Overflow or Wraparound	<1:4.2.8p4+dfsg-1
H Improper Data Handling	<1:4.2.8p7+dfsg-1
M Improper Data Handling	<1:4.2.8p7+dfsg-1
M Information Exposure	<1:4.2.8p7+dfsg-1
M Improper Input Validation	<1:4.2.8p7+dfsg-1
M Race Condition	<1:4.2.8p8+dfsg-1
H Race Condition	<1:4.2.8p8+dfsg-1
M CVE-2016-4956	<1:4.2.8p8+dfsg-1
H NULL Pointer Dereference	<1:4.2.8p8+dfsg-1
H Improper Authentication	<1:4.2.8p8+dfsg-1
L Improper Authentication	<1:4.2.8p7+dfsg-1
M Improper Input Validation	<1:4.2.6.p5+dfsg-4
M Improper Input Validation	<1:4.2.6.p5+dfsg-5
L Code	<1:4.2.6.p5+dfsg-6
M Code	<1:4.2.6.p5+dfsg-6
H CVE-2014-9293	<1:4.2.6.p5+dfsg-3.2
M Code	<1:4.2.6.p5+dfsg-3.2
H Out-of-Bounds	<1:4.2.6.p5+dfsg-3.2
H CVE-2014-9294	<1:4.2.6.p5+dfsg-3.2
L Improper Input Validation	<1:4.2.8p3+dfsg-1
M CVE-2009-3563	<1:4.2.4p8+dfsg-1
H Out-of-Bounds	<1:4.2.4p6+dfsg-2
L Out-of-Bounds	<1:4.2.4p6+dfsg-2
M Improper Authentication	<1:4.2.4p4+dfsg-8
M CVE-2005-2496	<1:4.2.0a+stable-2sarge1
M Integer Overflow or Wraparound	<4.0

Vulnerability

Vulnerable Version

Out-of-bounds Write