On 01/27/2015 05:42 PM, Ido Rosen wrote: > Hi Allan & others, > This is a pretty big remote vulnerability, with a big attack > surface. I'm not sure if this is the right list to be sending it to, > but I'd suggest patching glibc right away. I think RedHat's already > released an RHEL5 backported patch, and upstream has already patched > it (as of yesterday). See the links below. > > Ido Hey, This vulnerability does not affect arch (anymore), as we are already shipping glibc version 2.20-6 [0] where the upstream patch [1] is already included. You may want to write security related topics and discussions to the arch-security [2] ML rather then arch-general. There is already a topic [3] posted by Remi which contains clarification about CVE-2015-0235. cheers and thank you for your awareness, Levente [0] https://www.archlinux.org/packages/?name=glibc [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1e1e9bffde04decd [2] https://lists.archlinux.org/listinfo/arch-security [3] https://lists.archlinux.org/pipermail/arch-security/2015-January/000221.html
Attachment:
signature.asc
Description: OpenPGP digital signature