Date: Tue, 13 Dec 2016 10:18:23 -0800 From: Xin LI <delphij@gmail.com> To: Michelle Sullivan <michelle@sorbs.net> Cc: Dimitry Andric <dim@freebsd.org>, FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Xin LI <delphij@freebsd.org> Subject: Re: CVE-2016-7434 NTP Message-ID: <CAGMYy3sf2QOuRnX0rnEyiVRcHs-8LbrztYeOtKwn5wfWEyB1ng@mail.gmail.com> In-Reply-To: <584F5A6D.7070507@sorbs.net> References: <5848EAB6.8040909@sorbs.net> <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org> <584F5A6D.7070507@sorbs.net>
next in thread | previous in thread | raw e-mail | index | archive | help
We plan to issue an EN to update the base system ntp to 4.2.8p9. The high impact issue is Windows only by the way. Cheers, On Mon, Dec 12, 2016 at 6:18 PM, Michelle Sullivan <michelle@sorbs.net> wrote: > Dimitry Andric wrote: >> >> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle@sorbs.net> wrote: >>> >>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? >> >> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this >> issue, to stable/9: >> >> https://svnweb.freebsd.org/changeset/base/309009 >> >> Unfortunately the commit message did not mention the CVE identifier. I >> can't find any corresponding security advisory either. >> >> -Dimitry >> > .... > > No updates needed to update system to 9.3-RELEASE-p52. > No updates are available to install. > Run '/usr/sbin/freebsd-update fetch' first. > [root@gauntlet /]# ntpd --version > ntpd 4.2.8p8-a (1) > > So no then... > > 9.3 is still so-say supported so I'm not talking about -STABLE. > > Michelle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAGMYy3sf2QOuRnX0rnEyiVRcHs-8LbrztYeOtKwn5wfWEyB1ng>