[arch-security] CVE-2015-0235 "ghost"

Hello, A critical vulnerability has been found in glibc [1] in the form of a heap buffer overflow in the gethostbyname() and gethostbyname2() calls. It may allow a remote attacker to execute arbitrary code. Arch Linux does not seem vulnerable because we use a recent glibc version, which includes a patch [2] for this issue. This seems confirmed by the test case included with the fix [3]. [1] https://sourceware.org/bugzilla/show_bug.cgi?id=15014 [2] https://sourceware.org/git/?p=glibc.git;a=commit;h=d5dd6189d506068ed11c8bfa1... [3] https://sourceware.org/git/?p=glibc.git;a=blob;f=nss/test-digits-dots.c;h=1e... https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235