opesource means no negative issues?

Extremely severe bug leaves dizzying number of software and devices vulnerable
Since 2008, vulnerability has left apps and hardware open to remote hijacking.

The vulnerability was introduced in 2008 in GNU C Library, a collection of open source code that powers thousands of standalone applications and most distributions of Linux, ...
...
For many people running servers, patching will be a simple matter of downloading the update and installing it. But for other types of users, a fix may not be so easy. Some apps that were compiled with a vulnerable version of glibc will have to be recompiled with an updated version of the library, a process that will take time as users wait for fixes to become available from hardware manufacturers and app developers.
...
It remains unclear why or how glibc maintainers allowed a bug of this magnitude to be introduced into their code, remain undiscovered for seven years, and then go unfixed for seven months following its report. By Google's account, the bug was independently uncovered by at least two and possibly three separate groups who all worked to have it fixed. It wouldn't be surprising if over the years the vulnerability was uncovered by additional people and possibly exploited against unsuspecting targets.