From owner-freebsd-security@freebsd.org  Thu Jun 22 11:31:20 2017
Return-Path: <owner-freebsd-security@freebsd.org>
Delivered-To: freebsd-security@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 83603D8A236
 for <freebsd-security@mailman.ysv.freebsd.org>;
 Thu, 22 Jun 2017 11:31:20 +0000 (UTC)
 (envelope-from lars@e-new.0x20.net)
Received: from mail.0x20.net (mail.0x20.net [217.69.76.211])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "0x20.net",
 Issuer "COMODO RSA Domain Validation Secure Server CA" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 4565677EE5;
 Thu, 22 Jun 2017 11:31:19 +0000 (UTC)
 (envelope-from lars@e-new.0x20.net)
Received: from e-new.0x20.net (mail.0x20.net [IPv6:2001:aa8:fffb:1::3])
 (using TLSv1 with cipher DHE-RSA-AES128-SHA (128/128 bits))
 (No client certificate requested)
 by mail.0x20.net (Postfix) with ESMTPS id 5331C6E0081;
 Thu, 22 Jun 2017 13:31:17 +0200 (CEST)
Received: from e-new.0x20.net (localhost [127.0.0.1])
 by e-new.0x20.net (8.14.7/8.14.7) with ESMTP id v5MBVGon033445;
 Thu, 22 Jun 2017 13:31:16 +0200 (CEST)
 (envelope-from lars@e-new.0x20.net)
Received: (from lars@localhost)
 by e-new.0x20.net (8.14.7/8.14.7/Submit) id v5MBVG71033363;
 Thu, 22 Jun 2017 13:31:16 +0200 (CEST) (envelope-from lars)
Date: Thu, 22 Jun 2017 13:31:16 +0200
From: Lars Engels <lars.engels@0x20.net>
To: Michelle Sullivan <michelle@sorbs.net>
Cc: Remko Lodder <remko@FreeBSD.org>,
 "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>,
 Ed Maste <emaste@freebsd.org>
Subject: Re: The Stack Clash vulnerability
Message-ID: <20170622113115.GN19203@e-new.0x20.net>
Mail-Followup-To: Lars Engels <lars.engels@0x20.net>,
 Michelle Sullivan <michelle@sorbs.net>,
 Remko Lodder <remko@FreeBSD.org>,
 "freebsd-security@freebsd.org" <freebsd-security@freebsd.org>,
 Ed Maste <emaste@freebsd.org>
References: <F9B7242B-ED83-45C5-9196-6FD095AD9497@gvcgroup.com>
 <CAPyFy2CicxYBZpyy-pHS+Q=wTvwhpqi0fOKahEBDqiVe5h084A@mail.gmail.com>
 <CAPyFy2C4-hKG=hh0=th+RDwBzmMUqMqdg4YYZ76WxGS-JLnLBA@mail.gmail.com>
 <a1c45d20-78f9-e7d7-2f3e-d18c1723c5d5@sorbs.net>
 <0F042A4B-CB52-47EB-A191-D7617E51789A@FreeBSD.org>
 <187b2241-510e-20f8-50c6-16b318e22e89@sorbs.net>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
In-Reply-To: <187b2241-510e-20f8-50c6-16b318e22e89@sorbs.net>
X-Editor: VIM - Vi IMproved 7.4
User-Agent: Mutt/1.5.23 (2014-03-12)
X-Mailman-Approved-At: Thu, 22 Jun 2017 17:41:34 +0000
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Security issues \[members-only posting\]"
 <freebsd-security.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security/>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
 <mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 22 Jun 2017 11:31:20 -0000

On Thu, Jun 22, 2017 at 01:14:33PM +0200, Michelle Sullivan wrote:
> I know, but with potentially serious issues even M$ issue patches for 
> older release...

Microsoft even has 114,000 employees [1]. There are billions of paying
customers, so Microsoft has staff and money to test and backport patches
to unsupported releases. 


[1] https://en.wikipedia.org/wiki/Microsoft