From: Joe Holden
To: freebsd-current@freebsd.org
Subject: Re: CVE-2015-7547: critical bug in libc
Date: Thu, 25 Feb 2016 12:36:06 +0000
Message-ID: <56CEF536.4060707@m.jwh.me.uk>

On 22/02/2016 00:04, Chris H wrote:
> On Thu, 18 Feb 2016 08:39:32 -0600 (CST) Dan Mack wrote
>
>> On Thu, 18 Feb 2016, Joe Holden wrote:
>>
>>> On 17/02/2016 14:07, Daniel Kalchev wrote:
>>>>> On 17.02.2016 ?., at 15:40, Shawn Webb
>>>>> wrote:
>>>
>>>>> TL;DR: FreeBSD is not affected by CVE-2015-7547.
>>>>
>>>> Unless you use Linux applications under emulation.
>>>>
>>>> Daniel
>>>>
>>> Which is supported by ports so at most it should be a ports advisory and
>>> not a FreeBSD (base) SA and therefore not on the website.
>>>
>>> Just my 2p ;)
>> Documenting and putting out security advisories for other operating
>> systems seems like a bad precedent in general. The same could be said
>> for running java applications, windows under bhyve, etc. - *sigh* -
>> if the cross over use is common via a port, then have the port maybe
>> remind users to consult their distribution specific security
>> vulnerabilities prior to running it maybe - which is what they should
>> be doing anyway.
>>
>> That's my two insignificant cents :-)
>>
>> Dan
> If Shell distributes a bad batch of gasoline. It's not Chevrolet's
> responsibility to inform its car buyers/owners, that Shell produced
> a bad batch of gasoline. Is it? :)
>
> --Chris

Exactly, however it is done now so nevermind