A vulnerability has been reported in the GNU C Library, which potentially can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an error within the implementation of the "fnmatch()" function, which can be exploited to cause a stack corruption by e.g. tricking an application into using the function on specially crafted input.
The vulnerability is reported in versions prior to 2.12.2.
From $URL, the upstream bug is http://sourceware.org/bugzilla/show_bug.cgi?id=11883.
More details can be found here
If the issue is already resolved in glibc-2.12.2 in the tree, then I'm not sure we'd look at trying to backport. We're at the point where glibc-2.12.x should be looked at for stabilization in general. I'll start a thread on gentoo-dev to see if we need to shake out any dependencies first.
Stable by now.
toolchain work done.
This issue was resolved and addressed in
GLSA 201312-01 at http://security.gentoo.org/glsa/glsa-201312-01.xml
by GLSA coordinator Chris Reffett (creffett).