From owner-freebsd-current@freebsd.org Wed Feb 17 13:50:30 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id BA96AAAADF3 for ; Wed, 17 Feb 2016 13:50:30 +0000 (UTC) (envelope-from lists@opsec.eu) Received: from home.opsec.eu (home.opsec.eu [IPv6:2001:14f8:200::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 804F51E04 for ; Wed, 17 Feb 2016 13:50:30 +0000 (UTC) (envelope-from lists@opsec.eu) Received: from pi by home.opsec.eu with local (Exim 4.86 (FreeBSD)) (envelope-from ) id 1aW2Uu-000Igu-S5; Wed, 17 Feb 2016 14:50:28 +0100 Date: Wed, 17 Feb 2016 14:50:28 +0100 From: Kurt Jaeger To: Shawn Webb Cc: "O. Hartmann" , freebsd-current Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <20160217135028.GR26283@home.opsec.eu> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20160217134003.GB57405@mutt-hardenedbsd> X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 17 Feb 2016 13:50:30 -0000 Hi! > The project that's vulnerable is called "glibc", not "libc". The BSDs > don't use glibc, so the phrase "nothing to see here" applies. glibc > isn't even available in FreeBSD's ports tree. > > TL;DR: FreeBSD is not affected by CVE-2015-7547. A short note on the www.freebsd.org website would probably be helpful, as this case will produce a lot of noise. -- pi@opsec.eu +49 171 3101372 4 years to go !