From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=xbiE=HL=gmail.com=aaronr.mb@sourceware.org>
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31])
	by sourceware.org (Postfix) with ESMTPS id 6CB7A3858C66
	for <libc-help@sourceware.org>; Thu, 30 Nov 2023 09:49:29 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 6CB7A3858C66
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=gmail.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=gmail.com
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 6CB7A3858C66
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::b31
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1701337770; cv=none;
	b=mxcoBH0Vodua1qkTbST0DRPWO8FjRfYCeNI41gtBUwm5VVKYicIJoi81GWJ0mqXudcs3ImTbHR94gcu6zkSGfwkxup5eByGjqxXuZzco5/EUZ8bLTRX5MmL8OR1Fum8dJhfGO3LFH115PpECQLhJhKIJF5/QJLfZwt8daQFLCMg=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1701337770; c=relaxed/simple;
	bh=YtU9gOW3HWftaaBKzyxHa2oRkT8jiU/IybuubiZYnDo=;
	h=DKIM-Signature:MIME-Version:From:Date:Message-ID:Subject:To; b=vJfx61pAjmbwqhPbMmF8ckyAmgNJkT0bMgcXLkpbSBzUr6P3239adurQnOn7gJ/mGQdEcAcWW0x8s5VTkQsTTGp+BI2oWpC25uRIfbBD/HZKzPHHCvc3tX/CZOHB4fGlG1I/hq6Sf5FhrN37/copVgwSn4andgCXgjgZnzkwXDY=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: by mail-yb1-xb31.google.com with SMTP id 3f1490d57ef6-da077db5145so661350276.0
        for <libc-help@sourceware.org>; Thu, 30 Nov 2023 01:49:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1701337768; x=1701942568; darn=sourceware.org;
        h=to:subject:message-id:date:from:mime-version:from:to:cc:subject
         :date:message-id:reply-to;
        bh=YtU9gOW3HWftaaBKzyxHa2oRkT8jiU/IybuubiZYnDo=;
        b=Wx0BXoO0zGD5ItqCTptVDz8ujHhjtcgIVdhUJ2PMCadgl/mGS4b9j/pSjKNuktbVIv
         nbNONl4ILNq7xTdtOdnmy+f2fipf2ebsYtu8szHoGvydCe0e9YedIZ2w552y2YPJ5pwN
         jCTMfdY8h1oKdCWEn7KN3+zVnhL1LzoUu5A69LLJfwXIeflxs8RaDz91gsSMjaPBKt8t
         Dp2L4F7jAHeCE6MRlVMcd7SGPVgYrFm+3X98h7XX5S4HojckWZa0le+1FiCJVDyXRIob
         iOGvCjEFrGOvCAoVbLrW68CViCOwRfpoKhUmBYROPcsfV6E/BmVNRQszI6tkKnJyTp7o
         4LHw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1701337768; x=1701942568;
        h=to:subject:message-id:date:from:mime-version:x-gm-message-state
         :from:to:cc:subject:date:message-id:reply-to;
        bh=YtU9gOW3HWftaaBKzyxHa2oRkT8jiU/IybuubiZYnDo=;
        b=wJ0V5acHZw+0FHWU6Qjf+Ql2IvM1wNcBjC8kRt29BLHTbVzNnM6EKS/AMQFcZu0uaU
         Z510+TW5dP6mkMY4/KXlWw4IZ3C+OAaQz0RVfUODkAKuGlWmj/gtNEY3fJhwpXLOwBfC
         Qiqf7AGTNK+dnxAauiayDBF4ccMYyNwV/00aEobr6s1uJ+fQYJUZZ/wxiPJlvq6TKLej
         aAjUpKDlswE0cjHlVxe3sFezOENL6UQM32WMgT8Jh4YHcPBlt718OnBP/vJDeRUNHxHd
         P/00/IiyAjrv9/0PRFd2v+lOPF3o8iC8nMLCt0tPQ50ewcRobpd4macUoVzRYS5oNt1P
         GmgQ==
X-Gm-Message-State: AOJu0YwkyYiCemswwVWUJjAzuOPQThOMNA1lUoHJvcvoFicF8Vz8wdWk
	z4FYvUarJMrMQxoGXan2zsKDj1Feb/cvDei/ULw91Aa08cY=
X-Google-Smtp-Source: AGHT+IFPVwRlr8ySG2uQX51TVSuraVX/Yg4mYzfW1d41BmHrfX95+jMmmzLwLoOWFjuaDpNzQJyHF4Ywoi79lO/ejJk=
X-Received: by 2002:a81:7384:0:b0:5c9:cb4c:35df with SMTP id
 o126-20020a817384000000b005c9cb4c35dfmr23228500ywc.37.1701337768682; Thu, 30
 Nov 2023 01:49:28 -0800 (PST)
MIME-Version: 1.0
From: amb <aaronrmb@gmail.com>
Date: Thu, 30 Nov 2023 04:49:18 -0500
Message-ID: <CAAJF+LkoAQZWiGZ0xDfGRE0xMYVDxM5vCN1Oofz89m9r4Xoc2g@mail.gmail.com>
Subject: [Bug libc/23323] Recommendations for devs stuck with old glibc versions
To: libc-help@sourceware.org
Content-Type: text/plain; charset="UTF-8"
X-Spam-Status: No, score=0.5 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,FREEMAIL_FROM,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <libc-help.sourceware.org>

Hi,

I am forced to build against an old glibc version in order to run my
code on a large number of target linux systems. For developers like
me, what is the recommended way to mitigate the issue described in
https://sourceware.org/bugzilla/show_bug.cgi?id=23323 ?

If mitigation is not possible, should I be concerned about this as a
potential security issue for my application? I don't know if this
issue was ever assigned a CVE so I was not able to query its severity.
Is there a CVE for this?

Thanks