mhw@netris.org writes:

> I'll push this patch to core-updates as soon as I've tested it.
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=17187
> https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a1a6a401ab0a3c9f15fb7eaebbdcee24192254e8
> http://googleprojectzero.blogspot.co.nz/2014/08/the-poisoned-nul-byte-2014-edition.html
>
> I'm not sure what we should do on 'master'.  Thoughts?

Unfortunately, the upstream commit had a typo in the CVE number.

  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=f9df71e895d3552d557e783fdb9d133328195645

Here's an updated patch.

      Mark