Hi, > I see now that glibc 2.4-r3 should be upgraded to 2.4-r4 (by the way, > where can I check the differences (Changelog) between two gentoo > versions (like r3 and r4)?)
Check the -l flag when using emerge. For instance: emerge -plavuD world > So my question: If someone finds a bug in glibc that gets corrected, > what does the gentoo maintainers do about it? Do they backport the fix > in all 8 versions? Or just in some of the versions and mark the not > fixed ones ~? I'm sure here. But on the glsa-notice you'll see which versions are vulnerable and which are unaffected by the corrected bug. > Is there some mailinglist (like debian-security-announce) where such > security fixes are announced? Have a look at http://www.gentoo.org/security/en/ You'll find infos on the glsa-check utility and the mailinglist. > What is the reason that the hardened profile selects the 2.3.6 version > instead of the 2.4? I mean not in glibc's case only, but generally. > > Does libc 2.4 have troubles with ssp? Indeed. Not all features are ported to 2.4. Regards. Jean-Pierre -- Powered by GNU/Linux - http://schwicky.net/ PGP Key ID: 0xEE6F49B4 - ICQ: 4690141 - [EMAIL PROTECTED] Nothing is impossible... Everything is relative! -- [email protected] mailing list
