From owner-freebsd-stable@freebsd.org  Tue Dec 13 02:19:00 2016
Return-Path: <owner-freebsd-stable@freebsd.org>
Delivered-To: freebsd-stable@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1AD4AC74FB1
 for <freebsd-stable@mailman.ysv.freebsd.org>;
 Tue, 13 Dec 2016 02:19:00 +0000 (UTC)
 (envelope-from michelle@sorbs.net)
Received: from hades.sorbs.net (mail.sorbs.net [67.231.146.200])
 by mx1.freebsd.org (Postfix) with ESMTP id 0DCB71251;
 Tue, 13 Dec 2016 02:18:59 +0000 (UTC)
 (envelope-from michelle@sorbs.net)
MIME-version: 1.0
Content-transfer-encoding: 7BIT
Content-type: text/plain; CHARSET=US-ASCII; format=flowed
Received: from C02LJ0HMFFT4.corp.proofpoint.com
 (static-58-108-170-168.optusnet.com.au [58.108.170.168])
 by hades.sorbs.net (Oracle Communications Messaging Server 7.0.5.29.0 64bit
 (built Jul  9 2013)) with ESMTPSA id <0OI300781QSS8F00@hades.sorbs.net>; Mon,
 12 Dec 2016 18:26:54 -0800 (PST)
Subject: Re: CVE-2016-7434 NTP
To: Dimitry Andric <dim@FreeBSD.org>
Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>,
 Xin LI <delphij@freebsd.org>
References: <5848EAB6.8040909@sorbs.net>
 <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org>
From: Michelle Sullivan <michelle@sorbs.net>
Message-id: <584F5A6D.7070507@sorbs.net>
Date: Tue, 13 Dec 2016 12:18:21 +1000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:43.0)
 Gecko/20100101 Firefox/43.0 SeaMonkey/2.40
In-reply-to: <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org>
X-BeenThere: freebsd-stable@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Production branch of FreeBSD source code <freebsd-stable.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-stable>, 
 <mailto:freebsd-stable-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-stable/>
List-Post: <mailto:freebsd-stable@freebsd.org>
List-Help: <mailto:freebsd-stable-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-stable>,
 <mailto:freebsd-stable-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Dec 2016 02:19:00 -0000

Dimitry Andric wrote:
> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle@sorbs.net> wrote:
>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
> issue, to stable/9:
>
> https://svnweb.freebsd.org/changeset/base/309009
>
> Unfortunately the commit message did not mention the CVE identifier.  I
> can't find any corresponding security advisory either.
>
> -Dimitry
>
....

No updates needed to update system to 9.3-RELEASE-p52.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
[root@gauntlet /]# ntpd --version
ntpd 4.2.8p8-a (1)

So no then...

9.3 is still so-say supported so I'm not talking about -STABLE.

Michelle