From owner-freebsd-current@freebsd.org  Mon Feb 22 00:03:07 2016
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 16EB2AAFB51
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Mon, 22 Feb 2016 00:03:07 +0000 (UTC)
 (envelope-from bsd-lists@bsdforge.com)
Received: from udns.ultimatedns.net (static-24-113-41-81.wavecable.com
 [24.113.41.81])
 (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id E2D21CB7
 for <freebsd-current@freebsd.org>; Mon, 22 Feb 2016 00:03:06 +0000 (UTC)
 (envelope-from bsd-lists@bsdforge.com)
Received: from ultimatedns.net (localhost [127.0.0.1])
 by udns.ultimatedns.net (8.14.9/8.14.9) with ESMTP id u1M04ZAI029048
 for <freebsd-current@freebsd.org>; Sun, 21 Feb 2016 16:04:41 -0800 (PST)
 (envelope-from bsd-lists@bsdforge.com)
To: <freebsd-current@freebsd.org>
In-Reply-To: <alpine.BSF.2.20.1602180832170.3557@olive.macktronics.com>
References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de>
 <20160217134003.GB57405@mutt-hardenedbsd>
 <B2C739F3-F6E3-4E74-B5BC-D0093C3F42B1@digsys.bg>
 <56C50A0C.5090207@m.jwh.me.uk>,
 <alpine.BSF.2.20.1602180832170.3557@olive.macktronics.com>
From: "Chris H" <bsd-lists@bsdforge.com>
Subject: Re: CVE-2015-7547: critical bug in libc
Date: Sun, 21 Feb 2016 16:04:41 -0800
Content-Type: text/plain; charset=UTF-8; format=fixed
MIME-Version: 1.0
Message-id: <b171c355f2225b85c64422d1f9788e33@ultimatedns.net>
Content-Transfer-Encoding: 8bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Feb 2016 00:03:07 -0000

On Thu, 18 Feb 2016 08:39:32 -0600 (CST) Dan Mack <mack@macktronics.com> wrote

> On Thu, 18 Feb 2016, Joe Holden wrote:
> 
> > On 17/02/2016 14:07, Daniel Kalchev wrote:
> >>
> >>> On 17.02.2016 ?., at 15:40, Shawn Webb <shawn.webb@hardenedbsd.org>
> >>> wrote: >>>
> >>> TL;DR: FreeBSD is not affected by CVE-2015-7547.
> >>
> >>
> >> Unless you use Linux applications under emulation.
> >>
> >> Daniel
> >>
> > Which is supported by ports so at most it should be a ports advisory and 
> > not a FreeBSD (base) SA and therefore not on the website.
> >
> > Just my 2p ;)
> 
> Documenting and putting out security advisiories for other operating
> systems seems like a bad precedent in general.  The same could be said
> for runniing java applications, windows under bhyve, etc. - *sigh* -
> if the cross over use is common via a port, then have the port maybe
> remind users to consult their distribution specific security
> vulnerabilites prior to running it maybe - which is what they should
> be doing anyway.
> 
> That's my two insignificant cents :-)
> 
> Dan
If Sell distributes a bad batch of gasoline. It's not Chevrolet's
responsibility to inform it's car buyers/owners, that Shell produced
a bad batch of gasoline. Is it? :)

--Chris