From ${URL} : An integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. If an application used this function, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. Upstream issue: https://sourceware.org/bugzilla/show_bug.cgi?id=17269 Upstream patch: https://sourceware.org/git/gitweb.cgi?p=glibc.git;h=bdf1ff052a8e23d637f2c838fa5642d78fcedc33 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This has been fixed for glibc 2.22 and 2.21.1, and I've backported it to our glibc 2.21-r1 ebuild. But that's just now hitting ~arch, so it'll be a little while before we can stabilize.
Package =sys-libs/glibc-2.20-r2 is still marked as the latest stable on x86_64 platforms without this patch applied.
This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster).