ntpd in base may be vulnerable to http://www.kb.cert.org/vuls/id/852879 More information at http://support.ntp.org/bin/view/Main/SecurityNotice (Thanks for pointing it out, bjk)
Base system patch (DRAFT) at: https://reviews.freebsd.org/D1343
Over to delphij to see if this PR is stale.
Fixed as part of FreeBSD-SA-14:31.ntp.