is almost 1 year old, and still not fixed in glibc trunk.
I have verified that the test case from it fails with libc6
2.19-0ubuntu6.5 and current trunk glibc.
Don't know if it's exploitable, but it seems like it could easily be.
(I'll see if I can fix it in the mean time.)
RedHat bug at https://bugzilla.redhat.com/show_bug.cgi?id=1188235
From upstream bug: Fixed in 2.21.
2.21 is not available for stabilization yet as far as I see. Setting it back to ebuild until it is ready.
fix is also in glibc-2.20-r2 now
(In reply to SpanKY from comment #3)
> fix is also in glibc-2.20-r2 now
*** Bug 552694 has been marked as a duplicate of this bug. ***
This issue was resolved and addressed in
GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02
by GLSA coordinator Tobias Heinlein (keytoaster).