Re: CVE-2016-7434 NTP
Xin LI wrote: We plan to issue an EN to update the base system ntp to 4.2.8p9. The high impact issue is Windows only by the way. I don't think I'm even impacted - but $security team are going nuts about getting patched on all systems :/ Michelle ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: CVE-2016-7434 NTP
We plan to issue an EN to update the base system ntp to 4.2.8p9. The high impact issue is Windows only by the way. Cheers, On Mon, Dec 12, 2016 at 6:18 PM, Michelle Sullivanwrote: > Dimitry Andric wrote: >> >> On 08 Dec 2016, at 06:08, Michelle Sullivan wrote: >>> >>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? >> >> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this >> issue, to stable/9: >> >> https://svnweb.freebsd.org/changeset/base/309009 >> >> Unfortunately the commit message did not mention the CVE identifier. I >> can't find any corresponding security advisory either. >> >> -Dimitry >> > > > No updates needed to update system to 9.3-RELEASE-p52. > No updates are available to install. > Run '/usr/sbin/freebsd-update fetch' first. > [root@gauntlet /]# ntpd --version > ntpd 4.2.8p8-a (1) > > So no then... > > 9.3 is still so-say supported so I'm not talking about -STABLE. > > Michelle ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: CVE-2016-7434 NTP
On 13 Dec 2016, at 03:18, Michelle Sullivanwrote: > > Dimitry Andric wrote: >> On 08 Dec 2016, at 06:08, Michelle Sullivan wrote: >>> Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? >> On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this >> issue, to stable/9: >> >> https://svnweb.freebsd.org/changeset/base/309009 >> >> Unfortunately the commit message did not mention the CVE identifier. I >> can't find any corresponding security advisory either. ... > No updates needed to update system to 9.3-RELEASE-p52. > No updates are available to install. > Run '/usr/sbin/freebsd-update fetch' first. > [root@gauntlet /]# ntpd --version > ntpd 4.2.8p8-a (1) > > So no then... > > 9.3 is still so-say supported so I'm not talking about -STABLE. Well, as I mentioned, there was no Security Advisory (which is a little strange), so I didn't expect there to be any binary updates. As far as I know, binary updates are only built for Security Advisories and Errata Notices. -Dimitry signature.asc Description: Message signed with OpenPGP using GPGMail
Re: CVE-2016-7434 NTP
Dimitry Andric wrote: On 08 Dec 2016, at 06:08, Michelle Sullivanwrote: Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this issue, to stable/9: https://svnweb.freebsd.org/changeset/base/309009 Unfortunately the commit message did not mention the CVE identifier. I can't find any corresponding security advisory either. -Dimitry No updates needed to update system to 9.3-RELEASE-p52. No updates are available to install. Run '/usr/sbin/freebsd-update fetch' first. [root@gauntlet /]# ntpd --version ntpd 4.2.8p8-a (1) So no then... 9.3 is still so-say supported so I'm not talking about -STABLE. Michelle ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
Re: CVE-2016-7434 NTP
On 08 Dec 2016, at 06:08, Michelle Sullivanwrote: > > Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? On Nov 22, in r309009, Xin Li merged ntp 4.2.8p9, which fixes this issue, to stable/9: https://svnweb.freebsd.org/changeset/base/309009 Unfortunately the commit message did not mention the CVE identifier. I can't find any corresponding security advisory either. -Dimitry signature.asc Description: Message signed with OpenPGP using GPGMail
CVE-2016-7434 NTP
Are we going to get a patch for CVE-2016-7434 on FreeBSD 9.3? Michelle ___ freebsd-stable@freebsd.org mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"