From owner-freebsd-current@freebsd.org  Wed Feb 17 16:51:40 2016
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id E2864AAA6BB
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Wed, 17 Feb 2016 16:51:40 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (wonkity.com [67.158.26.137])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "wonkity.com", Issuer "wonkity.com" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id B2237100C;
 Wed, 17 Feb 2016 16:51:40 +0000 (UTC)
 (envelope-from wblock@wonkity.com)
Received: from wonkity.com (localhost [127.0.0.1])
 by wonkity.com (8.15.2/8.15.2) with ESMTPS id u1HGpc1h096011
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NO);
 Wed, 17 Feb 2016 09:51:38 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Received: from localhost (wblock@localhost)
 by wonkity.com (8.15.2/8.15.2/Submit) with ESMTP id u1HGpcwb096002;
 Wed, 17 Feb 2016 09:51:38 -0700 (MST)
 (envelope-from wblock@wonkity.com)
Date: Wed, 17 Feb 2016 09:51:38 -0700 (MST)
From: Warren Block <wblock@wonkity.com>
To: Eric van Gyzen <vangyzen@FreeBSD.org>
cc: Kurt Jaeger <lists@opsec.eu>, Shawn Webb <shawn.webb@hardenedbsd.org>,
 "O. Hartmann" <ohartman@zedat.fu-berlin.de>,
 freebsd-current <freebsd-current@freebsd.org>
Subject: Re: CVE-2015-7547: critical bug in libc
In-Reply-To: <56C496AC.8000200@FreeBSD.org>
Message-ID: <alpine.BSF.2.20.1602170919240.44372@wonkity.com>
References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de>
 <20160217134003.GB57405@mutt-hardenedbsd>
 <20160217135028.GR26283@home.opsec.eu>
 <alpine.BSF.2.20.1602170713560.44372@wonkity.com>
 <56C496AC.8000200@FreeBSD.org>
User-Agent: Alpine 2.20 (BSF 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.4.3
 (wonkity.com [127.0.0.1]); Wed, 17 Feb 2016 09:51:38 -0700 (MST)
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Feb 2016 16:51:41 -0000

On Wed, 17 Feb 2016, Eric van Gyzen wrote:

> On 02/17/2016 08:19, Warren Block wrote:
>> On Wed, 17 Feb 2016, Kurt Jaeger wrote:
>>
>>> A short note on the www.freebsd.org website would probably be helpful,
>>> as this case will produce a lot of noise.
>>
>> Maybe a short article like we did for leap seconds?
>> https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html
>>
>
> Articles are permanent, which makes sense for the recurring issue of
> leap seconds.  This vulnerability is transient, so I would suggest a
> news item.

Yes, but news items are usually just links.  For the amount of 
information we have so far, an article seems like the easiest way to do 
this.  Or maybe an addition to the security part of the web site?

For now, I'll collect the information as just text.