From owner-freebsd-stable@freebsd.org  Sun Dec 11 16:14:45 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB339C72CBC
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Sun, 11 Dec 2016 16:14:45 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from tensor.andric.com (tensor.andric.com
 [IPv6:2001:7b8:3a7:1:2d0:b7ff:fea0:8c26])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "tensor.andric.com",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 946D73B6;
 Sun, 11 Dec 2016 16:14:45 +0000 (UTC) (envelope-from dim@FreeBSD.org)
Received: from [IPv6:2001:7b8:3a7::1dcc:707b:4521:d955] (unknown
 [IPv6:2001:7b8:3a7:0:1dcc:707b:4521:d955])
 (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by tensor.andric.com (Postfix) with ESMTPSA id A65EC129C2;
 Sun, 11 Dec 2016 17:14:42 +0100 (CET)
Content-Type: multipart/signed;
 boundary="Apple-Mail=_28F0395E-2D45-426E-BC41-B0C067CF2665";
 protocol="application/pgp-signature"; micalg=pgp-sha1
Mime-Version: 1.0 (Mac OS X Mail 9.3 \(3124\))
Subject: Re: CVE-2016-7434 NTP
From: Dimitry Andric <dim@FreeBSD.org>
In-Reply-To: <5848EAB6.8040909@sorbs.net>
Date: Sun, 11 Dec 2016 17:14:33 +0100
Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>,
 Xin LI <delphij@freebsd.org>
Message-Id: <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org>
References: <5848EAB6.8040909@sorbs.net>
To: Michelle Sullivan <michelle@sorbs.net>
X-Mailer: Apple Mail (2.3124)
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 11 Dec 2016 16:14:45 -0000


--Apple-Mail=_28F0395E-2D45-426E-BC41-B0C067CF2665
Content-Transfer-Encoding: 7bit
Content-Type: text/plain;
	charset=us-ascii

On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle@sorbs.net> wrote:
> 
> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?

On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
issue, to stable/9:

https://svnweb.freebsd.org/changeset/base/309009

Unfortunately the commit message did not mention the CVE identifier.  I
can't find any corresponding security advisory either.

-Dimitry


--Apple-Mail=_28F0395E-2D45-426E-BC41-B0C067CF2665
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.30

iEYEARECAAYFAlhNe3IACgkQsF6jCi4glqOuCwCfUDoUNiUEfXQLWmHql5hYz4wa
kyYAn1A+UZbiOtgGzn2djZ+Mz7D1WOWC
=m3zx
-----END PGP SIGNATURE-----

--Apple-Mail=_28F0395E-2D45-426E-BC41-B0C067CF2665--