Date: Sun, 21 Feb 2016 16:04:41 -0800 From: "Chris H" <bsd-lists@bsdforge.com> To: <freebsd-current@freebsd.org> Subject: Re: CVE-2015-7547: critical bug in libc Message-ID: <b171c355f2225b85c64422d1f9788e33@ultimatedns.net> In-Reply-To: <alpine.BSF.2.20.1602180832170.3557@olive.macktronics.com> References: <20160217142410.18748906@freyja.zeit4.iv.bundesimmobilien.de> <20160217134003.GB57405@mutt-hardenedbsd> <B2C739F3-F6E3-4E74-B5BC-D0093C3F42B1@digsys.bg> <56C50A0C.5090207@m.jwh.me.uk>, <alpine.BSF.2.20.1602180832170.3557@olive.macktronics.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 18 Feb 2016 08:39:32 -0600 (CST) Dan Mack <mack@macktronics.com> wrote > On Thu, 18 Feb 2016, Joe Holden wrote: > > > On 17/02/2016 14:07, Daniel Kalchev wrote: > >> > >>> On 17.02.2016 ?., at 15:40, Shawn Webb <shawn.webb@hardenedbsd.org> > >>> wrote: >>> > >>> TL;DR: FreeBSD is not affected by CVE-2015-7547. > >> > >> > >> Unless you use Linux applications under emulation. > >> > >> Daniel > >> > > Which is supported by ports so at most it should be a ports advisory and > > not a FreeBSD (base) SA and therefore not on the website. > > > > Just my 2p ;) > > Documenting and putting out security advisiories for other operating > systems seems like a bad precedent in general. The same could be said > for runniing java applications, windows under bhyve, etc. - *sigh* - > if the cross over use is common via a port, then have the port maybe > remind users to consult their distribution specific security > vulnerabilites prior to running it maybe - which is what they should > be doing anyway. > > That's my two insignificant cents :-) > > Dan If Sell distributes a bad batch of gasoline. It's not Chevrolet's responsibility to inform it's car buyers/owners, that Shell produced a bad batch of gasoline. Is it? :) --Chris
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?b171c355f2225b85c64422d1f9788e33>