NTP publicly disclosed a list of vulnerabilities, and corresponding fixes, on March 21[1].
The patched ntp 4.2.8p10 has been imported to 12.0-CURRENT on March 23[2], but a merge from current to releng/11.0 and releng/10.3 branches seems to still be missing. Is someone working on fixing that, and if so, how long until the SA is made public? Thanks -Johannes
signature.asc
Description: OpenPGP digital signature
