From ${URL} :
Today, Adhemerval Zanella Netto reported in additional code page decoding functions (IBM933, IBM935, IBM937, IBM939, IBM1364):
<https://sourceware.org/bugzilla/show_bug.cgi?id=17325>
<https://sourceware.org/ml/libc-alpha/2014-08/msg00473.html>
Upstream commit is still pending.
These crashers are out-of-bounds reads at a fixed offset relative to the data segment of a DSO, and in all cases I've seen, they were right in the middle of an unmapped segment of the same DSO. This means that these bugs are just crashers, but they can still result in denial-of-service conditions.
@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
http://www.openwall.com/lists/oss-security/2014/08/29/3
https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=41488498b6d9440ee66ab033808cce8323bba7ac
From Upstream: "08 September 2014 The GNU C Library version 2.20 is now available"
https://sourceware.org/ml/libc-alpha/2014-09/msg00088.html
Maintainer(s): after the bump please let us know when the ebuild is ready for stabilization.
CVE-2014-6040 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-6040): GNU C Library (aka glibc) before 2.20 allows context-dependent attackers to cause a denial of service (out-of-bounds read and crash) via a multibyte character value of "0xffff" to the iconv function when converting (1) IBM933, (2) IBM935, (3) IBM937, (4) IBM939, or (5) IBM1364 encoded data to UTF-8.
Setting to blocker Bug #516884 (for glibc-2.20)
This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster).