Date: Wed, 17 Feb 2016 01:14:28 +0300 From: Chagin Dmitry <dchagin@freebsd.org> To: Warren Block <wblock@wonkity.com> Cc: Kurt Jaeger <lists@opsec.eu>, Shawn Webb <shawn.webb@hardenedbsd.org>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>, freebsd-current <freebsd-current@freebsd.org> Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <20160216221428.GA26203@chd.heemeyer.club> In-Reply-To: <alpine.BSF.2.20.1602170713560.44372@wonkity.com> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> <20160217135028.GR26283@home.opsec.eu> <alpine.BSF.2.20.1602170713560.44372@wonkity.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, Feb 17, 2016 at 07:19:07AM -0700, Warren Block wrote: > On Wed, 17 Feb 2016, Kurt Jaeger wrote: > > > Hi! > > > >> The project that's vulnerable is called "glibc", not "libc". The BSDs > >> don't use glibc, so the phrase "nothing to see here" applies. glibc > >> isn't even available in FreeBSD's ports tree. > >> > >> TL;DR: FreeBSD is not affected by CVE-2015-7547. > > What about software that uses emulators/linux_base? > see PR/207272 > > A short note on the www.freebsd.org website would probably be helpful, > > as this case will produce a lot of noise. > > Maybe a short article like we did for leap seconds? > https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html > > I can help with that. > _______________________________________________ > freebsd-current@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-current > To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20160216221428.GA26203>