From: Jean-Pierre Schwickerath <gentoo@schwicky.net>
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] security updates
Date: Sat, 10 Feb 2007 19:21:44 +0100 [thread overview]
Message-ID: <20070210192144.3144fb74@ws001.ch.schwicky.lan> (raw)
In-Reply-To: <20070210160237.GB5317@swordfish.capgemini.hu>
Hi,
> I see now that glibc 2.4-r3 should be upgraded to 2.4-r4 (by the way,
> where can I check the differences (Changelog) between two gentoo
> versions (like r3 and r4)?)
Check the -l flag when using emerge. For instance:
emerge -plavuD world
> So my question: If someone finds a bug in glibc that gets corrected,
> what does the gentoo maintainers do about it? Do they backport the fix
> in all 8 versions? Or just in some of the versions and mark the not
> fixed ones ~?
I'm sure here.
But on the glsa-notice you'll see which versions are vulnerable and
which are unaffected by the corrected bug.
> Is there some mailinglist (like debian-security-announce) where such
> security fixes are announced?
Have a look at http://www.gentoo.org/security/en/
You'll find infos on the glsa-check utility and the mailinglist.
> What is the reason that the hardened profile selects the 2.3.6 version
> instead of the 2.4? I mean not in glibc's case only, but generally.
>
> Does libc 2.4 have troubles with ssp?
Indeed. Not all features are ported to 2.4.
Regards.
Jean-Pierre
--
Powered by GNU/Linux - http://schwicky.net/
PGP Key ID: 0xEE6F49B4 - ICQ: 4690141 - schwicky@jabber.org
Nothing is impossible... Everything is relative!
--
gentoo-hardened@gentoo.org mailing list
next prev parent reply other threads:[~2007-02-10 18:24 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2007-02-10 16:02 [gentoo-hardened] security updates Nagy Gabor Peter
2007-02-10 16:43 ` Tom Hendrikx
2007-02-10 17:02 ` John Schember
2007-02-10 18:21 ` Jean-Pierre Schwickerath [this message]
2007-02-11 2:17 ` Andrew Ross
2007-02-11 12:38 ` Kevin F. Quinn
-- strict thread matches above, loose matches on Subject: below --
2010-01-21 12:19 [gentoo-hardened] Security updates Machell, Jonathan
2010-01-21 14:05 ` klondike
2010-01-21 14:06 ` Kerin Millar
2010-01-21 14:12 ` Claes Gyllenswärd
2010-01-21 14:20 ` Andri Möll
2010-01-21 15:36 ` RB
2010-01-21 15:47 ` Machell, Jonathan
2010-01-22 6:36 ` Jonny Kent
2010-01-22 17:29 ` Michael Orlitzky
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20070210192144.3144fb74@ws001.ch.schwicky.lan \
--to=gentoo@schwicky.net \
--cc=gentoo-hardened@lists.gentoo.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox