Comment 4 for bug 1547229

1. Centos6.3 already contains fixed package
glibc-2.12-1.166.el6_7.7.rpm

Patches related:
glibc-rh1296031-0.patch
glibc-rh1296031.patch

Fixes applied were:
http://paste.openstack.org/show/487786/

This list is quite long, upgrade to upstream version is risky without deep testing.

2. Two CVE related patches could be applied with manual offset tuning. It could be applied smoothly, only offset is different but not the code. However, this operation is risky without deep testing.

We should decide what to do next.

All upstreams mentioned have this fix applied in upstream in updates repo. Backporting is possible for sure but with no guarantees.