Date: Tue, 13 Dec 2016 12:18:21 +1000 From: Michelle Sullivan <michelle@sorbs.net> To: Dimitry Andric <dim@FreeBSD.org> Cc: FreeBSD-STABLE Mailing List <freebsd-stable@freebsd.org>, Xin LI <delphij@freebsd.org> Subject: Re: CVE-2016-7434 NTP Message-ID: <584F5A6D.7070507@sorbs.net> In-Reply-To: <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org> References: <5848EAB6.8040909@sorbs.net> <5AA6183C-44B5-4A0E-81E8-9B50FFE087F2@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Dimitry Andric wrote: > On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle@sorbs.net> wrote: >> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? > On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this > issue, to stable/9: > > https://svnweb.freebsd.org/changeset/base/309009 > > Unfortunately the commit message did not mention the CVE identifier. I > can't find any corresponding security advisory either. > > -Dimitry > .... No updates needed to update system to 9.3-RELEASE-p52. No updates are available to install. Run '/usr/sbin/freebsd-update fetch' first. [root@gauntlet /]# ntpd --version ntpd 4.2.8p8-a (1) So no then... 9.3 is still so-say supported so I'm not talking about -STABLE. Michelle
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?584F5A6D.7070507>