Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 02 Nov 2013 20:24:48 +0100
From:      Karl Pielorz <kpielorz_lst@tdx.co.uk>
To:        Dimitry Andric <dim@FreeBSD.org>
Cc:        freebsd-security@freebsd.org
Subject:   Re: ntpd 4.2.4p8 - up to date?
Message-ID:  <F148DAE409EE1AAB9AA06D6C@study64.tdx.co.uk>
In-Reply-To: <E520736B-8D62-4A97-AFFD-14F44B1CC290@FreeBSD.org>
References:  <7403C046ABF387E5061BC441@Mail-PC.tdx.co.uk> <CAFHbX1LAcE4c_E5J4pdny0hkz=GTPghmsB0kRuTDQdP9S8PCHg@mail.gmail.com> <E520736B-8D62-4A97-AFFD-14F44B1CC290@FreeBSD.org>
index | next in thread | previous in thread | raw e-mail 



--On 2 November 2013 01:18:24 +0100 Dimitry Andric <dim@FreeBSD.org> wrote:

>> [1] http://www.cvedetails.com/vulnerability-list/vendor_id-2153/NTP.html
>
> That page lists a bunch of CVEs, and the relevant ones have already had
> FreeBSD security advisories:
>
> CVE-2009-3563
> 	http://www.freebsd.org/security/advisories/FreeBSD-SA-10:02.ntpd.asc
> CVE-2009-1252
> 	http://www.freebsd.org/security/advisories/FreeBSD-SA-09:11.ntpd.asc
> CVE-2009-0159	not relevant, NTP before 4.2.4p7-RC2
> CVE-2009-0021	not relevant, NTP before 4.2.4p5
> CVE-2004-0657	not relevant, NTP before 4.0

So as I'd kind of guessed - it's not really vanilla 4.2.4p8 that it's 
running, it's based on 4.2.4p8 with additional patches that have been 
applied by FreeBSD, to address the applicable notifications?

-Karl
help

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F148DAE409EE1AAB9AA06D6C>