From owner-freebsd-stable@freebsd.org Tue Dec 13 18:18:25 2016 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 6528CC76B08 for ; Tue, 13 Dec 2016 18:18:25 +0000 (UTC) (envelope-from delphij@gmail.com) Received: from mail-yb0-x241.google.com (mail-yb0-x241.google.com [IPv6:2607:f8b0:4002:c09::241]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 262961A93; Tue, 13 Dec 2016 18:18:25 +0000 (UTC) (envelope-from delphij@gmail.com) Received: by mail-yb0-x241.google.com with SMTP id v78so2507145ybe.0; Tue, 13 Dec 2016 10:18:25 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=pTi5zzqx9ZJqR3CR3PD1wxDonPhIcQeCeWmep6qIBZs=; b=COqqcqtZnfecpLutxTMKu65awk0X7YDK/SFhqiV+Pydgap0q9YT3I7Za+AlbNXdaaI zgTjuAEROsFyFhu/7PNWaxfLkZGlvT7sEG/eoXwXVGwGMGFrMz8juDEIqREDZDEC/DJ3 jyjFtJ5EfBVUfDaFsSZns/jshtlJeNKC93NWec8UZ0WS4atLpz7D1/umI7m2GU0r1dYa ln7hb2/x92i7xjRzFksGssGmC7Kknbz+k1WdP85an2cJgaHQp8eAGEHZLmtsntUl7Fcc yQiDXLZyfosJ7N9V+b+jVzTomqOFbkR1N0NBKxqQs71ovgd/IYM1LCGlzC2TKdYA8p1a 4iBA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=pTi5zzqx9ZJqR3CR3PD1wxDonPhIcQeCeWmep6qIBZs=; b=Sq8w+8UtkkyfBOE8ZzlnpNzqd8fVuDuWmkUDpfu/oRGyRVDNUnCSsXe8yoX/KSJWFe 4Ifkr9lf/kXNbEGHR05/ryxmi/hOUcC421oszhldDzGAJ0BQJ6YurhiLmfGsn7zfavN9 2n7pJUjcjqgc2govY5COQ2vqjHP7YGHFLDsmsIZqziugv/xreok3AIOhxGoCDTiNg7Hf FfeeoxvtjuMpy1C2hPr0SURoDKNPLVxw6PbSTJUtk7lSJ0Kj/y79mOc07ZShOgpKAbIk VlV6HxYWU8gdgS2fNHrXA0kdO5nHlI0N8dcWo+QuP5PAxRPf5IjSCuwaphu5jsca2qre YpyA== X-Gm-Message-State: AKaTC03cg99Vpr3Os3AcsFBt1il5rnJgqIxbwuWZ8lDhWXTgaJjBqJIhYeR29e9mTDoIQDTdRsQ4PoX80wGVTA== X-Received: by 10.176.6.233 with SMTP id g96mr80911864uag.97.1481653104190; Tue, 13 Dec 2016 10:18:24 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.50.215 with HTTP; Tue, 13 Dec 2016 10:18:23 -0800 (PST) In-Reply-To: <584F5A6D.7070507@sorbs.net> References: <5848EAB6.8040909@sorbs.net> <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org> <584F5A6D.7070507@sorbs.net> From: Xin LI Date: Tue, 13 Dec 2016 10:18:23 -0800 Message-ID: Subject: Re: CVE-2016-7434 NTP To: Michelle Sullivan Cc: Dimitry Andric , FreeBSD-STABLE Mailing List , Xin LI Content-Type: text/plain; charset=UTF-8 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 13 Dec 2016 18:18:25 -0000 We plan to issue an EN to update the base system ntp to 4.2.8p9. The high impact issue is Windows only by the way. Cheers, On Mon, Dec 12, 2016 at 6:18 PM, Michelle Sullivan wrote: > Dimitry Andric wrote: >> >> On 08 Dec 2016, at 06:08, Michelle Sullivan wrote: >>> >>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? >> >> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this >> issue, to stable/9: >> >> https://svnweb.freebsd.org/changeset/base/309009 >> >> Unfortunately the commit message did not mention the CVE identifier. I >> can't find any corresponding security advisory either. >> >> -Dimitry >> > .... > > No updates needed to update system to 9.3-RELEASE-p52. > No updates are available to install. > Run '/usr/sbin/freebsd-update fetch' first. > [root@gauntlet /]# ntpd --version > ntpd 4.2.8p8-a (1) > > So no then... > > 9.3 is still so-say supported so I'm not talking about -STABLE. > > Michelle