On 05/26/2015 10:59 AM, Patrick Rael wrote: > Hi, > Is there an ETA on when CVE-2014-4043 for glibc will be fixed in > centos. > I see the upstream vendor version glibc-2.20 has this fix supposedly, but > I don't see this specific fix in the centos glibc changelogs. I've > compiled the > test code for this bug and as of glibc-2.17.77 the test reports the bug > is present. > Preferably we'd like this fix on centos6.6 as we can't move to 7.0 yet. > > Thanks, > -->Pat This issue is not being addressed by Red Hat in their source code .. it will therefore not be addressed in CentOS either, unless Red Hat changes their mind. We just rebuild Red Hat released source code for RHEL, we do not add security or technical things to that source code. https://access.redhat.com/security/cve/CVE-2014-4043 and https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-4043 Thanks, Johnny Hughes -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 198 bytes Desc: OpenPGP digital signature URL: <http://lists.centos.org/pipermail/centos/attachments/20150526/5c0a04d2/attachment-0005.sig>