diff -up ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799 ntp-4.2.6p5/ntpd/ntp_proto.c
--- ntp-4.2.6p5/ntpd/ntp_proto.c.cve-2015-1799	2015-04-08 13:06:43.083810350 +0200
+++ ntp-4.2.6p5/ntpd/ntp_proto.c	2015-04-08 13:08:12.679980322 +0200
@@ -1101,16 +1101,6 @@ receive(
 	}
 
 	/*
-	 * Update the state variables.
-	 */
-	if (peer->flip == 0) {
-		if (hismode != MODE_BROADCAST)
-			peer->rec = p_xmt;
-		peer->dst = rbufp->recv_time;
-	}
-	peer->xmt = p_xmt;
-
-	/*
 	 * If this is a crypto_NAK, the server cannot authenticate a
 	 * client packet. The server might have just changed keys. Clear
 	 * the association and restart the protocol.
@@ -1157,6 +1147,16 @@ receive(
 	}
 
 	/*
+	 * Update the state variables.
+	 */
+	if (peer->flip == 0) {
+		if (hismode != MODE_BROADCAST)
+			peer->rec = p_xmt;
+		peer->dst = rbufp->recv_time;
+	}
+	peer->xmt = p_xmt;
+
+	/*
 	 * Set the peer ppoll to the maximum of the packet ppoll and the
 	 * peer minpoll. If a kiss-o'-death, set the peer minpoll to
 	 * this maximumn and advance the headway to give the sender some