From ${URL} : Maksymilian Arciemowicz reported a resource consumption issue in the C++ regex library. If an attacker were able to make an application using this library process a specially-crafted regular expression, it could cause the application to consume excessive system resources. Original report: http://seclists.org/fulldisclosure/2014/Aug/1 Upstream bug: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
From https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61601 seems like it's been patched, besides gcc is now in version 5.4 and the bug came in 4.9 References: https://gcc.gnu.org/viewcvs/gcc?view=revision&revision=212185
Due to the severe age of this I am not recommending a GLSA. All vulnerable versions still in the tree are masked. It has been nearly 4 years since this was a vulnerability.