X2Go Bug report logs -
#778
affected by CVE 2015-0235: Stop using gethosbyname()
Toggle useless messages
Report forwarded
to x2go-dev@lists.x2go.org, owner@bugs.x2go.org
:
Bug#778
; Package src:nx-libs
.
(Sun, 01 Feb 2015 07:05:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
New Bug report received and forwarded. Copy sent to owner@bugs.x2go.org
.
(Sun, 01 Feb 2015 07:05:02 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.x2go.org (full text, mbox, reply):
Package: src:nx-libs
Severity: important
The NX source code uses gethostbyname() at several locations and is potentially affected by CVE 2015-0235 (GHOST security issue in glibc).
We should move towards using getaddrinfo() asap.
Mike
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976148
GnuPG Key ID 0x25771B13
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
Bug reassigned from package 'src:nx-libs' to 'nx-libs'.
Request was from Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
to control@bugs.x2go.org
.
(Sun, 01 Feb 2015 10:35:01 GMT) (full text, mbox, link).
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#778
; Package nx-libs
.
(Sun, 01 Feb 2015 12:45:01 GMT) (full text, mbox, link).
Acknowledgement sent
to Nable <nable.maininbox@googlemail.com>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sun, 01 Feb 2015 12:45:01 GMT) (full text, mbox, link).
Message #12 received at 778@bugs.x2go.org (full text, mbox, reply):
Hi, Mike!
I'm looking at this and previous bug (#777) and can't stop wondering
whether applications should really contain workarounds for bugs in
system libraries. Isn't it better to just depend on newer version
of library (that has fixes for currently known bugs)?
There are a lot of older bugs in glibc (that are fixed in current
version), does it mean that applications should be bloated with
workarounds for such bugs just in order to work more safely on machines
where users don't pay enough attention to updates?
Information forwarded
to x2go-dev@lists.x2go.org, X2Go Developers <x2go-dev@lists.x2go.org>
:
Bug#778
; Package nx-libs
.
(Sun, 01 Feb 2015 21:35:02 GMT) (full text, mbox, link).
Acknowledgement sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Extra info received and forwarded to list. Copy sent to X2Go Developers <x2go-dev@lists.x2go.org>
.
(Sun, 01 Feb 2015 21:35:02 GMT) (full text, mbox, link).
Message #17 received at 778@bugs.x2go.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
On So 01 Feb 2015 13:40:59 CET, Nable wrote:
> Hi, Mike!
>
> I'm looking at this and previous bug (#777) and can't stop wondering
> whether applications should really contain workarounds for bugs in
> system libraries. Isn't it better to just depend on newer version
> of library (that has fixes for currently known bugs)?
>
> There are a lot of older bugs in glibc (that are fixed in current
> version), does it mean that applications should be bloated with
> workarounds for such bugs just in order to work more safely on machines
> where users don't pay enough attention to updates?
That is a true way of reasoning...
However, gethostbyname is deprecated in glibc and not really IPv4/IPv6
compliant [1].
Mike
[1] http://beej.us/guide/bgnet/output/html/multipage/syscalls.html#getaddrinfo
--
DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148
GnuPG Key ID 0x25771B31
mail: mike.gabriel@das-netzwerkteam.de, http://das-netzwerkteam.de
freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
[Message part 2 (application/pgp-signature, inline)]
Acknowledgement sent
to Stefan Baur <X2Go-ML-1@baur-itcs.de>
:
Extra info received and filed, but not forwarded.
(Thu, 25 Jan 2024 21:55:01 GMT) (full text, mbox, link).
Message #20 received at 778-quiet@bugs.x2go.org (full text, mbox, reply):
Control: close -1
Control: archive -1
This issue is now being tracked in the Arctica Issue Tracker over on
Github: <https://github.com/ArcticaProject/nx-libs/issues/1070>
Kind Regards,
Stefan Baur
--
BAUR-ITCS UG (haftungsbeschränkt)
Geschäftsführer: Stefan Baur
Eichenäckerweg 10, 89081 Ulm | Registergericht Ulm, HRB 724364
Fon/Fax 0731 40 34 66-36/-35 | USt-IdNr.: DE268653243
Marked Bug as done
Request was from Stefan Baur <X2Go-ML-1@baur-itcs.de>
to 778-quiet@bugs.x2go.org
.
(Thu, 25 Jan 2024 21:55:02 GMT) (full text, mbox, link).
Notification sent
to Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
:
Bug acknowledged by developer.
(Thu, 25 Jan 2024 21:55:02 GMT) (full text, mbox, link).
Bug archived.
Request was from Stefan Baur <X2Go-ML-1@baur-itcs.de>
to 778-quiet@bugs.x2go.org
.
(Thu, 25 Jan 2024 21:55:02 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
X2Go Developers <owner@bugs.x2go.org>.
Last modified:
Thu Nov 21 11:35:55 2024;
Machine Name:
ymir.das-netzwerkteam.de
X2Go Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.