On Tue, Jan 27, 2015 at 12:25 PM, Levente Polyak <anthraxx@xxxxxxxxxxxxx> wrote: > On 01/27/2015 05:42 PM, Ido Rosen wrote: >> Hi Allan & others, >> This is a pretty big remote vulnerability, with a big attack >> surface. I'm not sure if this is the right list to be sending it to, >> but I'd suggest patching glibc right away. I think RedHat's already >> released an RHEL5 backported patch, and upstream has already patched >> it (as of yesterday). See the links below. >> >> Ido > > Hey, > > This vulnerability does not affect arch (anymore), as we are already > shipping glibc version 2.20-6 [0] where the upstream patch [1] is > already included. > You may want to write security related topics and discussions to the > arch-security [2] ML rather then arch-general. > There is already a topic [3] posted by Remi which contains clarification > about CVE-2015-0235. I CC'ed it to security@, but didn't know arch-security@ existed. Thank you!
