From owner-freebsd-current@freebsd.org Thu Feb 18 17:30:29 2016 Return-Path: Delivered-To: freebsd-current@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 1E866AAD325 for ; Thu, 18 Feb 2016 17:30:29 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from outpost1.zedat.fu-berlin.de (outpost1.zedat.fu-berlin.de [130.133.4.66]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D588C3DE for ; Thu, 18 Feb 2016 17:30:28 +0000 (UTC) (envelope-from ohartman@zedat.fu-berlin.de) Received: from inpost2.zedat.fu-berlin.de ([130.133.4.69]) by outpost.zedat.fu-berlin.de (Exim 4.85) with esmtps (TLSv1.2:DHE-RSA-AES256-GCM-SHA384:256) (envelope-from ) id <1aWSPK-002u41-Ip>; Thu, 18 Feb 2016 18:30:26 +0100 Received: from f052131134.adsl.alicedsl.de ([78.52.131.134] helo=thor.walstatt.dynvpn.de) by inpost2.zedat.fu-berlin.de (Exim 4.85) with esmtpsa (TLSv1.2:AES128-GCM-SHA256:128) (envelope-from ) id <1aWSPK-000BRg-6n>; Thu, 18 Feb 2016 18:30:26 +0100 Date: Thu, 18 Feb 2016 18:30:25 +0100 From: "O. Hartmann" To: Kurt Jaeger Cc: Shawn Webb , freebsd-current Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <20160218183025.02dd3f14.ohartman@zedat.fu-berlin.de> In-Reply-To: <20160217135028.GR26283@home.opsec.eu> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> <20160217135028.GR26283@home.opsec.eu> Organization: FU Berlin X-Mailer: Claws Mail 3.13.2 (GTK+ 2.24.29; amd64-portbld-freebsd11.0) MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha256; boundary="Sig_/ZzzL8p7zUTqDqmYcz/u7mqw"; protocol="application/pgp-signature" X-Originating-IP: 78.52.131.134 X-ZEDAT-Hint: A X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.20 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Feb 2016 17:30:29 -0000 --Sig_/ZzzL8p7zUTqDqmYcz/u7mqw Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Wed, 17 Feb 2016 14:50:28 +0100 Kurt Jaeger schrieb: > Hi! >=20 > > The project that's vulnerable is called "glibc", not "libc". The BSDs > > don't use glibc, so the phrase "nothing to see here" applies. glibc > > isn't even available in FreeBSD's ports tree. > >=20 > > TL;DR: FreeBSD is not affected by CVE-2015-7547. =20 >=20 > A short note on the www.freebsd.org website would probably be helpful, > as this case will produce a lot of noise. >=20 I'd like to second this! This could be some kind of use for the further pro= pagation of FreeBSD! Many people asked me since yesterday, whether the operating system= I used to base my appliances and work on does have the bug or not.=20 --Sig_/ZzzL8p7zUTqDqmYcz/u7mqw Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQEcBAEBCAAGBQJWxf+xAAoJEOgBcD7A/5N8qsMH+wXMGwXt+LC7eGtC1k+ekKXn 6p7qJ1V7SbffmzLA0akWxp3uImZOw1ssPIGWqOyat2djpEhDo7jUsJyiSVpehojB pB95xnZrDjR9jqTz5AEw7pG5vaC9FgZAN910DuJ4qNA5XfHRBRTbK3pgn4svVnDd 55pVsi4mjiZOcdu4JZz0kxveBUDrEpt6rx4M8p2En5KdphDPAfMxJ+UP74q+ltCn +O8ZSB47wwaRDI+8NgcepCbJOBUMslHnhLpX6fqiMnAVVj1FyKxvJex/D4I+ENdg 7s915tM2Bw1naSbVK6hMpwnrCGjGDrcJScGardwCeIrAeIuvDH1eiyqNZyIfQzE= =E0qc -----END PGP SIGNATURE----- --Sig_/ZzzL8p7zUTqDqmYcz/u7mqw--