[X2Go-Dev] Bug#778: Bug#778: affected by CVE 2015-0235: Stop using gethosbyname()

Mike Gabriel mike.gabriel at das-netzwerkteam.de
Sun Feb 1 22:34:40 CET 2015


On  So 01 Feb 2015 13:40:59 CET, Nable wrote:

> Hi, Mike!
>
> I'm looking at this and previous bug (#777) and can't stop wondering
> whether applications should really contain workarounds for bugs in
> system libraries. Isn't it better to just depend on newer version
> of library (that has fixes for currently known bugs)?
>
> There are a lot of older bugs in glibc (that are fixed in current
> version), does it mean that applications should be bloated with
> workarounds for such bugs just in order to work more safely on machines
> where users don't pay enough attention to updates?

That is a true way of reasoning...

However, gethostbyname is deprecated in glibc and not really IPv4/IPv6  
compliant [1].

Mike

[1] http://beej.us/guide/bgnet/output/html/multipage/syscalls.html#getaddrinfo

-- 

DAS-NETZWERKTEAM
mike gabriel, herweg 7, 24357 fleckeby
fon: +49 (1520) 1976 148

GnuPG Key ID 0x25771B31
mail: mike.gabriel at das-netzwerkteam.de, http://das-netzwerkteam.de

freeBusy:
https://mail.das-netzwerkteam.de/freebusy/m.gabriel%40das-netzwerkteam.de.xfb
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digitale PGP-Signatur
URL: <http://lists.x2go.org/pipermail/x2go-dev/attachments/20150201/0a24c8e0/attachment.pgp>


More information about the x2go-dev mailing list