X2Go Bug report logs - #778
affected by CVE 2015-0235: Stop using gethosbyname()

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Sun, 1 Feb 2015 07:05:02 UTC

Severity: important

Full log

Message #12 received at 778@bugs.x2go.org (full text, mbox, reply):

Received: (at 778) by bugs.x2go.org; 1 Feb 2015 12:41:02 +0000
From nable.maininbox@googlemail.com  Sun Feb  1 13:41:01 2015
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
	T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-vc0-f176.google.com (mail-vc0-f176.google.com [])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 294785E030
	for <778@bugs.x2go.org>; Sun,  1 Feb 2015 13:41:01 +0100 (CET)
Received: by mail-vc0-f176.google.com with SMTP id kv7so13327016vcb.7
        for <778@bugs.x2go.org>; Sun, 01 Feb 2015 04:41:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
MIME-Version: 1.0
X-Received: by with SMTP id g8mr7231549vds.71.1422794459818; Sun,
 01 Feb 2015 04:40:59 -0800 (PST)
Received: by with HTTP; Sun, 1 Feb 2015 04:40:59 -0800 (PST)
In-Reply-To: <1422774281.1428.5.camel@Nokia-N900>
References: <1422774281.1428.5.camel@Nokia-N900>
Date: Sun, 1 Feb 2015 16:40:59 +0400
Message-ID: <CALxOYEaUfq4rCifweufEwXSyxBtiKTaU20SpCdV3Co10BQ=tzQ@mail.gmail.com>
Subject: Re: [X2Go-Dev] Bug#778: affected by CVE 2015-0235: Stop using gethosbyname()
From: Nable <nable.maininbox@googlemail.com>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 778@bugs.x2go.org
Content-Type: text/plain; charset=ISO-8859-1
Hi, Mike!

I'm looking at this and previous bug (#777) and can't stop wondering
whether applications should really contain workarounds for bugs in
system libraries. Isn't it better to just depend on newer version
of library (that has fixes for currently known bugs)?

There are a lot of older bugs in glibc (that are fixed in current
version), does it mean that applications should be bloated with
workarounds for such bugs just in order to work more safely on machines
where users don't pay enough attention to updates?

Send a report that this bug log contains spam.

X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Feb 1 21:58:25 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.