From $URL: Greetings, https://sourceware.org/bugzilla/show_bug.cgi?id=16618 is almost 1 year old, and still not fixed in glibc trunk. I have verified that the test case from it fails with libc6 2.19-0ubuntu6.5 and current trunk glibc. Don't know if it's exploitable, but it seems like it could easily be. (I'll see if I can fix it in the mean time.) - -- RedHat bug at https://bugzilla.redhat.com/show_bug.cgi?id=1188235
From upstream bug: Fixed in 2.21.
2.21 is not available for stabilization yet as far as I see. Setting it back to ebuild until it is ready.
fix is also in glibc-2.20-r2 now
(In reply to SpanKY from comment #3) > fix is also in glibc-2.20-r2 now Thanks
*** Bug 552694 has been marked as a duplicate of this bug. ***
This issue was resolved and addressed in GLSA 201602-02 at https://security.gentoo.org/glsa/201602-02 by GLSA coordinator Tobias Heinlein (keytoaster).