X2Go Bug report logs - #778
affected by CVE 2015-0235: Stop using gethosbyname()

Package: nx-libs; Maintainer for nx-libs is X2Go Developers <x2go-dev@lists.x2go.org>;

Reported by: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>

Date: Sun, 1 Feb 2015 07:05:02 UTC

Severity: important

Full log


🔗 View this message in rfc822 format

X-Loop: owner@bugs.x2go.org
Subject: Bug#778: [X2Go-Dev] Bug#778: affected by CVE 2015-0235: Stop using gethosbyname()
Reply-To: Nable <nable.maininbox@googlemail.com>, 778@bugs.x2go.org
Resent-From: Nable <nable.maininbox@googlemail.com>
Resent-To: x2go-dev@lists.x2go.org
Resent-CC: X2Go Developers <x2go-dev@lists.x2go.org>
X-Loop: owner@bugs.x2go.org
Resent-Date: Sun, 01 Feb 2015 12:45:01 +0000
Resent-Message-ID: <handler.778.B778.142279446211704@bugs.x2go.org>
Resent-Sender: owner@bugs.x2go.org
X-X2Go-PR-Message: followup 778
X-X2Go-PR-Package: nx-libs
X-X2Go-PR-Keywords: 
Received: via spool by 778-submit@bugs.x2go.org id=B778.142279446211704
          (code B ref 778); Sun, 01 Feb 2015 12:45:01 +0000
Received: (at 778) by bugs.x2go.org; 1 Feb 2015 12:41:02 +0000
X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
	ymir.das-netzwerkteam.de
X-Spam-Level: 
X-Spam-Status: No, score=0.8 required=5.0 tests=BAYES_50,FREEMAIL_FROM,
	T_DKIM_INVALID,URIBL_BLOCKED autolearn=ham version=3.3.2
Received: from mail-vc0-f176.google.com (mail-vc0-f176.google.com [209.85.220.176])
	by ymir.das-netzwerkteam.de (Postfix) with ESMTPS id 294785E030
	for <778@bugs.x2go.org>; Sun,  1 Feb 2015 13:41:01 +0100 (CET)
Received: by mail-vc0-f176.google.com with SMTP id kv7so13327016vcb.7
        for <778@bugs.x2go.org>; Sun, 01 Feb 2015 04:41:00 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=googlemail.com; s=20120113;
        h=mime-version:in-reply-to:references:date:message-id:subject:from:to
         :content-type;
        bh=2DGnWWmVI8IYoomrdeMx2Y2M8EEL0tRUE40PCwEwmRk=;
        b=0jFCNoFM6fPMz2TlJq9kQNX7jZZCkbN6ZOGjKQpRBP/RePS+GM3HHgAg+KCJur8Une
         +JG6ybtetNoqHGBd4CWRY7D2/iz2sjRXkPT8syOLq4wxgyHPCrHV/vy3WkxEnuPEM89U
         bD0HEJzsmLLQMzf33TIbtOjLbTtJhDlraxG8hEEW7w+v36pjQnNKjp2xCJuQeW1BuK8I
         A0s7pAmNSOzH8GrpNQyPUBlKhHm/C5dzgEDLyymeRbQ44MxYN+XcffdozH6A7lwa4oKA
         s/dM95PVcoKoXUviMQbH46THu7XslvVhPAgon8hPOWrxoUqM0jT8ChRr0K8LP19I3EqJ
         RSIw==
MIME-Version: 1.0
X-Received: by 10.52.63.136 with SMTP id g8mr7231549vds.71.1422794459818; Sun,
 01 Feb 2015 04:40:59 -0800 (PST)
Received: by 10.52.149.40 with HTTP; Sun, 1 Feb 2015 04:40:59 -0800 (PST)
In-Reply-To: <1422774281.1428.5.camel@Nokia-N900>
References: <1422774281.1428.5.camel@Nokia-N900>
Date: Sun, 1 Feb 2015 16:40:59 +0400
Message-ID: <CALxOYEaUfq4rCifweufEwXSyxBtiKTaU20SpCdV3Co10BQ=tzQ@mail.gmail.com>
From: Nable <nable.maininbox@googlemail.com>
To: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>, 778@bugs.x2go.org
Content-Type: text/plain; charset=ISO-8859-1
Hi, Mike!

I'm looking at this and previous bug (#777) and can't stop wondering
whether applications should really contain workarounds for bugs in
system libraries. Isn't it better to just depend on newer version
of library (that has fixes for currently known bugs)?

There are a lot of older bugs in glibc (that are fixed in current
version), does it mean that applications should be bloated with
workarounds for such bugs just in order to work more safely on machines
where users don't pay enough attention to updates?

Send a report that this bug log contains spam.


X2Go Developers <owner@bugs.x2go.org>. Last modified: Wed Feb 1 22:15:39 2023; Machine Name: ymir.das-netzwerkteam.de

X2Go Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Copyright © 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson, 2005-2017 Don Armstrong, and many other contributors.