Re: CVE-2016-7434 NTP

2016-12-15 Thread Michelle Sullivan

Xin LI wrote:
> We plan to issue an EN to update the base system ntp to 4.2.8p9.
>
> The high impact issue is Windows only by the way.

I don't think I'm even impacted - but $security team are going nuts 
about getting patched on all systems :/


Michelle
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"


Re: CVE-2016-7434 NTP

2016-12-13 Thread Xin LI
We plan to issue an EN to update the base system ntp to 4.2.8p9.

The high impact issue is Windows only by the way.

Cheers,

On Mon, Dec 12, 2016 at 6:18 PM, Michelle Sullivan  wrote:
> Dimitry Andric wrote:
>>
>> On 08 Dec 2016, at 06:08, Michelle Sullivan  wrote:
>>>
>>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
>>
>> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
>> issue, to stable/9:
>>
>> https://svnweb.freebsd.org/changeset/base/309009
>>
>> Unfortunately the commit message did not mention the CVE identifier.  I
>> can't find any corresponding security advisory either.
>>
>> -Dimitry
>>
> 
>
> No updates needed to update system to 9.3-RELEASE-p52.
> No updates are available to install.
> Run '/usr/sbin/freebsd-update fetch' first.
> [root@gauntlet /]# ntpd --version
> ntpd 4.2.8p8-a (1)
>
> So no then...
>
> 9.3 is still so-say supported so I'm not talking about -STABLE.
>
> Michelle


Re: CVE-2016-7434 NTP

2016-12-13 Thread Dimitry Andric
On 13 Dec 2016, at 03:18, Michelle Sullivan  wrote:
> 
> Dimitry Andric wrote:
>> On 08 Dec 2016, at 06:08, Michelle Sullivan  wrote:
>>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
>> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
>> issue, to stable/9:
>> 
>> https://svnweb.freebsd.org/changeset/base/309009
>> 
>> Unfortunately the commit message did not mention the CVE identifier.  I
>> can't find any corresponding security advisory either.
...
> No updates needed to update system to 9.3-RELEASE-p52.
> No updates are available to install.
> Run '/usr/sbin/freebsd-update fetch' first.
> [root@gauntlet /]# ntpd --version
> ntpd 4.2.8p8-a (1)
> 
> So no then...
> 
> 9.3 is still so-say supported so I'm not talking about -STABLE.

Well, as I mentioned, there was no Security Advisory (which is a little
strange), so I didn't expect there to be any binary updates.  As far as
I know, binary updates are only built for Security Advisories and Errata
Notices.

-Dimitry





Re: CVE-2016-7434 NTP

2016-12-12 Thread Michelle Sullivan

Dimitry Andric wrote:
> On 08 Dec 2016, at 06:08, Michelle Sullivan  wrote:
>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?
>
> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
> issue, to stable/9:
>
> https://svnweb.freebsd.org/changeset/base/309009
>
> Unfortunately the commit message did not mention the CVE identifier.  I
> can't find any corresponding security advisory either.
>
> -Dimitry

No updates needed to update system to 9.3-RELEASE-p52.
No updates are available to install.
Run '/usr/sbin/freebsd-update fetch' first.
[root@gauntlet /]# ntpd --version
ntpd 4.2.8p8-a (1)

So no then...

9.3 is still so-say supported so I'm not talking about -STABLE.

Michelle


Re: CVE-2016-7434 NTP

2016-12-11 Thread Dimitry Andric
On 08 Dec 2016, at 06:08, Michelle Sullivan  wrote:
> 
> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?

On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this
issue, to stable/9:

https://svnweb.freebsd.org/changeset/base/309009

Unfortunately the commit message did not mention the CVE identifier.  I
can't find any corresponding security advisory either.

-Dimitry





CVE-2016-7434 NTP

2016-12-07 Thread Michelle Sullivan

Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3?

Michelle