NTP publicly disclosed a list of vulnerabilities, and corresponding fixes, on March 21[1]. The patched ntp 4.2.8p10 has been imported to 12.0-CURRENT on March 23[2], but a merge from current to releng/11.0 and releng/10.3 branches seems to still be missing. Is someone working on fixing that, and if so, how long until the SA is made public? Thanks -Johannes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-security/attachments/20170410/242102fd/attachment.sig>