CVE-2016-7434 NTP
Dimitry Andric
dim at FreeBSD.org
Tue Dec 13 15:47:53 UTC 2016
On 13 Dec 2016, at 03:18, Michelle Sullivan <michelle at sorbs.net> wrote:
>
> Dimitry Andric wrote:
>> On 08 Dec 2016, at 06:08, Michelle Sullivan <michelle at sorbs.net> wrote:
>>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
>> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
>> issue, to stable/9:
>>
>> https://svnweb.freebsd.org/changeset/base/309009
>>
>> Unfortunately the commit message did not mention the CVE identifier. I
>> can't find any corresponding security advisory either.
...
> No updates needed to update system to 9.3-RELEASE-p52.
> No updates are available to install.
> Run '/usr/sbin/freebsd-update fetch' first.
> [root at gauntlet /]# ntpd --version
> ntpd 4.2.8p8-a (1)
>
> So no then...
>
> 9.3 is still so-say supported so I'm not talking about -STABLE.
Well, as I mentioned, there was no Security Advisory (which is a little
strange), so I didn't expect there to be any binary updates. As far as
I know, binary updates are only built for Security Advisories and Errata
Notices.
-Dimitry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 194 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20161213/f38cccab/attachment.sig>
More information about the freebsd-stable
mailing list