please fix CVE-2014-5119

Bug #1362409 reported by Jamie Strandboge
Affects            Status        Importance  Assigned to  Milestone
eglibc (Ubuntu)    Won't Fix     Undecided   Unassigned
  Lucid            Fix Released  High        Adam Conrad
  Precise          Fix Released  High        Adam Conrad
  Trusty           Fix Released  High        Adam Conrad
  Utopic           Won't Fix     Undecided   Unassigned
glibc (Ubuntu)     Fix Released  High        Adam Conrad
  Utopic           Fix Released  High        Adam Conrad
Changed in eglibc (Ubuntu Utopic):
status: New → Won't Fix
no longer affects: glibc (Ubuntu Lucid)
no longer affects: glibc (Ubuntu Precise)
no longer affects: glibc (Ubuntu Trusty)
Changed in eglibc (Ubuntu):
status: New → Won't Fix
Changed in eglibc (Ubuntu Lucid):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Adam Conrad (adconrad)
Changed in eglibc (Ubuntu Precise):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Adam Conrad (adconrad)
Changed in eglibc (Ubuntu Trusty):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Adam Conrad (adconrad)
Changed in glibc (Ubuntu Utopic):
status: New → In Progress
importance: Undecided → High
assignee: nobody → Adam Conrad (adconrad)
information type: Public → Public Security
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.15-0ubuntu10.7

---------------
eglibc (2.15-0ubuntu10.7) precise; urgency=medium

  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.
  * SECURITY REGRESSION: localplt regression introduced in 2.15-0ubuntu10.6
    - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport
      of upstream commit ca38dc17 to include memmem hidden alias declaration.
 -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:18:52 -0600

Changed in eglibc (Ubuntu Precise):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.19-0ubuntu6.3

---------------
eglibc (2.19-0ubuntu6.3) trusty; urgency=medium

  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.
 -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:19:15 -0600

Changed in eglibc (Ubuntu Trusty):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eglibc - 2.11.1-0ubuntu7.16

---------------
eglibc (2.11.1-0ubuntu7.16) lucid; urgency=medium

  * SECURITY UPDATE: heap overflow in __gconv_translit_find() (LP: #1362409)
    - debian/patches/any/cvs-CVE-2014-5119.diff: Backport upstream commit to
      completely remove support for loadable gconv transliteration modules.
  * SECURITY REGRESSION: localplt regression introduced in 2.11.1-0ubuntu7.14
    - debian/patches/any/submitted-CVE-2014-0475.diff: update with a backport
      of upstream commit ca38dc17 to include memmem hidden alias declaration.
 -- Adam Conrad <email address hidden> Wed, 27 Aug 2014 22:08:11 -0600

Changed in eglibc (Ubuntu Lucid):
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glibc - 2.19-10ubuntu1

---------------
glibc (2.19-10ubuntu1) utopic; urgency=medium

  * Merge with Debian unstable, bringing in several CVE fixes (LP: #1362409)
  * Enable systemtap support for Ubuntu which was dropped in Debian for now.
  * Move MIN_KERNEL_SUPPORTED to 2.6.32 on x86 now that hardy PPAs are dead.
  * libc-dev no longer Recommends 'gcc | c-compiler' (LP: #990982, #1005097)

glibc (2.19-10) unstable; urgency=medium

  [ Aurelien Jarno ]
  * debian/rules: drop the i486 to i586 GNU triplet conversion.
  * debian/control.in/main: build-depends on dpkg-dev (>= 1.17.1) and
    gcc-4.8 (>= 4.8.3-8) to make sure to get the new i586 GNU triplet on
    i386, hurd-i386 and kfreebsd-i386.
  * Remove iconv(1), iconvconfig(8), localedef(1) and sprof(1) manpages,
    provided by the manpages packages starting with version 3.71.
  * patches/any/cvs-CVE-2014-5119.diff: New patch from upstream to remove
    support for loadable gconv transliteration modules (CVE-2014-5119).

  [ Samuel Thibault ]
  * patches/hurd-i386/cvs-libpthread_guardsize.diff: Fix guard size computation.
    Fixes the creation of thousands of threads, and thus pulseaudio testsuite.
    Closes: #758671.
  * patches/hurd-i386/cvs-libpthread_std_thread.diff: New patch to deal with
    std::thread using __pthread_key_create to detect presence of libpthread.
    Fixes build of webkitgtk and most probably other libstdc++-related
    failures.
  * patches/hurd-i386/submitted-bind_umask.diff: New patch to fix bind() when
    umask is 0000, fixes clamav testsuite. Closes: #759218.

  [ Adam Conrad ]
  * debian/patches/series: Actually apply the submitted arm64 alignment and
    setcontext patches mentioned in 2.19-0experimental0 (closes: #759042)

glibc (2.19-9) unstable; urgency=medium

  [ Aurelien Jarno ]
  * debian/rules.d/control.mk: don't add libc6{,-dev}-{armel,armhf}
    packages in debian/control as we don't build them in Debian. New dak
    code checks for NEW packages directly in debian/control.

glibc (2.19-8) unstable; urgency=medium

  [ Helmut Grohne ]
  * debian/patches/build stage2 without selinux. Closes: #742640.
  * Don't emit dependencies on libgcc when building stage2. Closes: #755580.
  * Add a "nobiarch" build profile that inhibits all multilib packages from
    being built. Closes: #745380.

  [ Aurelien Jarno ]
  * debian/patches/arm64/cvs-includes-cleanup.diff: new patch from upstream to
    clean sys/user.h and sys/procfs.h. Closes: #755169.
  * debian/patches/s390/cvs-s390-abi-reversal.diff: new patch backported from
    upstream to revert the S/390 jmp_buf/ucontext_t ABI change.
  * Update Turkish debconf translation, by Mert Dirik. Closes: #757495.
  * Remove ia64 support. Closes: #756095.
  * Update debian/copyright with the libidn/punycode.{c,h} license. Closes:
    #754731.
  * debian/control/libc: drop Recommends on: gcc | c-compiler. Closes:
    #747933.

glibc (2.19-7) unstable; urgency=high

  * debian/patches/localedata/unsubmitted-tst-setlocale3-ENV.diff: Apply
    correct environment for the tst-setlocale3 test to find its locales.

glibc (2.19-6) unstable; urgency=high

  [ Aurelien Jarno ]
  * d...


Changed in glibc (Ubuntu Utopic):
status: In Progress → Fix Released