Date: Thu, 18 Feb 2016 08:39:32 -0600 (CST)
From: Dan Mack
To: Joe Holden
cc: freebsd-current@freebsd.org
Subject: Re: CVE-2015-7547: critical bug in libc

On Thu, 18 Feb 2016, Joe Holden wrote:

> On 17/02/2016 14:07, Daniel Kalchev wrote:
>>
>>> On 17.02.2016 ?., at 15:40, Shawn Webb wrote:
>>>
>>> TL;DR: FreeBSD is not affected by CVE-2015-7547.
>>
>>
>> Unless you use Linux applications under emulation.
>>
>> Daniel
>>
> Which is supported by ports so at most it should be a ports advisory and
> not a FreeBSD (base) SA and therefore not on the website.
>
> Just my 2p ;)

Documenting and putting out security advisories for other operating
systems seems like a bad precedent in general. The same could be said for
running java applications, windows under bhyve, etc. - *sigh* - if the
cross over use is common via a port, then have the port maybe remind users
to consult their distribution specific security vulnerabilities prior to
running it maybe - which is what they should be doing anyway.

That's my two insignificant cents :-)

Dan