On Tue, Jan 27, 2015 at 12:25 PM, Levente Polyak <anthraxx@archlinux.org> wrote:
On 01/27/2015 05:42 PM, Ido Rosen wrote:
Hi Allan & others, This is a pretty big remote vulnerability, with a big attack surface. I'm not sure if this is the right list to be sending it to, but I'd suggest patching glibc right away. I think RedHat's already released an RHEL5 backported patch, and upstream has already patched it (as of yesterday). See the links below.
Ido
Hey,
This vulnerability does not affect arch (anymore), as we are already shipping glibc version 2.20-6 [0] where the upstream patch [1] is already included. You may want to write security related topics and discussions to the arch-security [2] ML rather then arch-general. There is already a topic [3] posted by Remi which contains clarification about CVE-2015-0235.
I CC'ed it to security@, but didn't know arch-security@ existed. Thank you!