Date: Wed, 17 Feb 2016 07:19:07 -0700 (MST) From: Warren Block <wblock@wonkity.com> To: Kurt Jaeger <lists@opsec.eu> Cc: Shawn Webb <shawn.webb@hardenedbsd.org>, "O. Hartmann" <ohartman@zedat.fu-berlin.de>, freebsd-current <freebsd-current@freebsd.org> Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <alpine.BSF.2.20.1602170713560.44372@wonkity.com> In-Reply-To: <20160217135028.GR26283@home.opsec.eu> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> <20160217135028.GR26283@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 17 Feb 2016, Kurt Jaeger wrote: > Hi! > >> The project that's vulnerable is called "glibc", not "libc". The BSDs >> don't use glibc, so the phrase "nothing to see here" applies. glibc >> isn't even available in FreeBSD's ports tree. >> >> TL;DR: FreeBSD is not affected by CVE-2015-7547. What about software that uses emulators/linux_base? > A short note on the www.freebsd.org website would probably be helpful, > as this case will produce a lot of noise. Maybe a short article like we did for leap seconds? https://www.freebsd.org/doc/en_US.ISO8859-1/articles/leap-seconds/article.html I can help with that.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?alpine.BSF.2.20.1602170713560.44372>