Date: Thu, 18 Feb 2016 08:39:32 -0600 (CST) From: Dan Mack <mack@macktronics.com> To: Joe Holden <mail@m.jwh.me.uk> Cc: freebsd-current@freebsd.org Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <alpine.BSF.2.20.1602180832170.3557@olive.macktronics.com> In-Reply-To: <56C50A0C.5090207@m.jwh.me.uk> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> <B2C739F3-F6E3-4E74-B5BC-D0093C3F42B1@digsys.bg> <56C50A0C.5090207@m.jwh.me.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 18 Feb 2016, Joe Holden wrote: > On 17/02/2016 14:07, Daniel Kalchev wrote: >> >>> On 17.02.2016 ?., at 15:40, Shawn Webb <shawn.webb@hardenedbsd.org> wrote: >>> >>> TL;DR: FreeBSD is not affected by CVE-2015-7547. >> >> >> Unless you use Linux applications under emulation. >> >> Daniel >> > Which is supported by ports so at most it should be a ports advisory and > not a FreeBSD (base) SA and therefore not on the website. > > Just my 2p ;) Documenting and putting out security advisiories for other operating systems seems like a bad precedent in general. The same could be said for runniing java applications, windows under bhyve, etc. - *sigh* - if the cross over use is common via a port, then have the port maybe remind users to consult their distribution specific security vulnerabilites prior to running it maybe - which is what they should be doing anyway. That's my two insignificant cents :-) Dan
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1602180832170.3557>