On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle at sorbs.net> wrote:> > Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this issue, to stable/9: https://svnweb.freebsd.org/changeset/base/309009 Unfortunately the commit message did not mention the CVE identifier. I can't find any corresponding security advisory either. -Dimitry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 194 bytes Desc: Message signed with OpenPGP using GPGMail URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20161211/2bc88401/attachment.sig>
Dimitry Andric wrote:> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle at sorbs.net> wrote: >> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? > On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this > issue, to stable/9: > > https://svnweb.freebsd.org/changeset/base/309009 > > Unfortunately the commit message did not mention the CVE identifier. I > can't find any corresponding security advisory either. > > -Dimitry >.... No updates needed to update system to 9.3-RELEASE-p52. No updates are available to install. Run '/usr/sbin/freebsd-update fetch' first. [root at gauntlet /]# ntpd --version ntpd 4.2.8p8-a (1) So no then... 9.3 is still so-say supported so I'm not talking about -STABLE. Michelle