CVE-2015-5180 DNS resolver NULL pointer dereference with crafted record type Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=18784 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=fc82b0a2dfe7dbd35671c10510a8da1043d746a5 CVE-2016-6323 The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation. Upstream bug: https://sourceware.org/bugzilla/show_bug.cgi?id=20435 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=9e2ff6c9cc54c0b4402b8d49e4abe7000fde7617 @ Maintainer(s): Both vulnerabilities are fixed in >=sys-libs/glibc-2.25. Please bump the package and tell us if you plan to backport fixes.
please do not file "multiple vulnerabilities" bugs. these are awful to track. create one bug per CVE/fix.
Divided into two bugs, see bug 608706 and bug 608698.