From: Jean-Pierre Schwickerath
To: gentoo-hardened@lists.gentoo.org
Subject: Re: [gentoo-hardened] security updates
Date: Sat, 10 Feb 2007 19:21:44 +0100

Hi,

> I see now that glibc 2.4-r3 should be upgraded to 2.4-r4 (by the way,
> where can I check the differences (Changelog) between two gentoo
> versions (like r3 and r4)?)

Check the -l flag when using emerge. For instance:

    emerge -plavuD world

> So my question: If someone finds a bug in glibc that gets corrected,
> what do the gentoo maintainers do about it? Do they backport the fix
> in all 8 versions? Or just in some of the versions and mark the not
> fixed ones ~?

I'm sure here. But on the glsa-notice you'll see which versions are
vulnerable and which are unaffected by the corrected bug.

> Is there some mailing list (like debian-security-announce) where such
> security fixes are announced?

Have a look at http://www.gentoo.org/security/en/
You'll find information on the glsa-check utility and the mailing list.

> What is the reason that the hardened profile selects the 2.3.6 version
> instead of the 2.4? I mean not in glibc's case only, but generally.
>
> Does libc 2.4 have troubles with ssp?

Indeed. Not all features are ported to 2.4.

Regards.

Jean-Pierre
-- 
Powered by GNU/Linux - http://schwicky.net/
PGP Key ID: 0xEE6F49B4 - ICQ: 4690141 - schwicky@jabber.org
Nothing is impossible... Everything is relative!
-- 
gentoo-hardened@gentoo.org mailing list