From ${URL} :

Tavis Ormandy reported an off-by-one error leading to a heap-based buffer overflow flaw in glibc's __gconv_translit_find() function. This could be triggered by setting the CHARSET environment variable to a malicious value. This could possibly lead to code execution as root if a set user ID (setuid) root application used this environment variable without sanitizing its value.

References:
http://www.openwall.com/lists/oss-security/2014/07/14/1
http://www.openwall.com/lists/oss-security/2014/07/14/2

@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
the commit: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
CVE-2014-5119 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-5119): Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via vectors related to the CHARSET environment variable and gconv transliteration modules.
This CVE is fixed in Version 2.20: https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html

Maintainer(s): after the bump, please let us know when the ebuild is ready for stabilization.
Based on the version change, setting blocker to Bug 516884 (which is the blocker for all glib-2.20 versions). If this is not correct, please advise.
This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster).