Reading the Changelogs when updating my Debian-sid, I found these eglibc patches which are applicable to Gentoo glibc-2.17 just fine:

CVE-2013-4332-memalign.diff.patch
CVE-2013-4332-pvalloc.diff.patch
CVE-2013-4332-valloc.diff.patch
CVE-2013-4237.diff.patch
CVE-2013-4788-static-ptrguard.diff.patch
CVE-2013-4788-static-ptrguard-arm.diff.patch
CVE-2013-4237-alignment.diff.patch
NonCVE-findlocale-div-by-zero.diff.patch

My Gentoo~unstable runs well having these patches.
Is it Gentoo policy to only security support the stable glibc-2.16?

Reproducible: Always
Created attachment 365468: glibc-2.17-CVE-Debian-2013-autumn.patch
*** This bug has been marked as a duplicate of bug 484646 ***
All CVEs you listed are filed separately as bugs.
@Agostino Is the portage GLSA checker able to automatically examine what upstream git commit to use as an epatch_user patch applicable to my special glibc-2.17 version? The Gentoo CVE bugs you mention do not specify any glibc version. How to get these bugs' information out of the bugtracker into my portage tree?