CVE-2015-7547: critical bug in libc
Dan Mack
mack at macktronics.com
Thu Feb 18 14:46:38 UTC 2016
On Thu, 18 Feb 2016, Joe Holden wrote:
> On 17/02/2016 14:07, Daniel Kalchev wrote:
>>
>>> On 17.02.2016 ?., at 15:40, Shawn Webb <shawn.webb at hardenedbsd.org> wrote:
>>>
>>> TL;DR: FreeBSD is not affected by CVE-2015-7547.
>>
>>
>> Unless you use Linux applications under emulation.
>>
>> Daniel
>>
> Which is supported by ports so at most it should be a ports advisory and
> not a FreeBSD (base) SA and therefore not on the website.
>
> Just my 2p ;)
Documenting and putting out security advisiories for other operating
systems seems like a bad precedent in general. The same could be said
for runniing java applications, windows under bhyve, etc. - *sigh* -
if the cross over use is common via a port, then have the port maybe
remind users to consult their distribution specific security
vulnerabilites prior to running it maybe - which is what they should
be doing anyway.
That's my two insignificant cents :-)
Dan
More information about the freebsd-current
mailing list