OSV: DLA-97-1

eglibc - security update

Published: Nov 29, 2014 (2014-11-29 00:00:00)
Source: Google osv.dev

CVSS2 score: 5 (Medium), vector AV:N/AC:L/Au:N/C:N/I:N/A:P

  Access Vector: NETWORK
  Access Complexity: LOW
  Authentication: NONE
  Confidentiality Impact: NONE
  Integrity Impact: NONE
  Availability Impact: PARTIAL

  • CVE-2012-6656
    Fix validation check when converting from IBM930 to UTF.
    When converting IBM930 code with iconv(), if IBM930 input that
    includes the invalid multibyte character 0xffff is specified, then
    iconv() segfaults.
  • CVE-2014-6040
    Crashes on invalid input in IBM gconv modules [BZ #17325].
    These changes are based on the fix for BZ #14134 in commit
    6e230d11837f3ae7b375ea69d7905f0d18eb79e5.
  • CVE-2014-7817
    The function wordexp() fails to properly handle the WRDE_NOCMD
    flag when processing arithmetic inputs in the form of “$((… ``))”
    where “…” can be anything valid. The backticks in the arithmetic
    expression are evaluated in a shell even if WRDE_NOCMD forbade
    command substitution. This allows an attacker to attempt to pass
    dangerous commands via constructs of the above form and bypass
    the WRDE_NOCMD flag. This patch fixes this by checking for WRDE_NOCMD
    in exec_comm(), the only place that can execute a shell. All other
    checks for WRDE_NOCMD are superfluous and have been removed.

For Debian 6 Squeeze, these issues have been fixed in eglibc version 2.11.3-4+deb6u2
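
The following C program is an added example, not code from the advisory, Debian or glibc. It shows the caller-side discipline for wordexp() with WRDE_NOCMD (treat any non-zero return as a refusal, and recognise WRDE_CMDSUB specifically) and doubles as a check that the installed libc honours WRDE_NOCMD inside arithmetic expansion as the CVE-2014-7817 fix requires. It assumes a libc whose wordexp() carries that fix; the sample inputs (plain words, pure arithmetic, and the three command-substitution shapes, using the harmless command `true`) are constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <string.h>
#include <wordexp.h>

/* Expand `input` with WRDE_NOCMD set, as an application that feeds untrusted
 * strings to wordexp() should. On success the first expanded word is copied
 * into `first` (if given) and the number of words is returned; on failure the
 * negated wordexp() error code is returned (e.g. -WRDE_CMDSUB), so a refusal
 * can never be mistaken for a successful expansion. */
int expand_nocmd(const char *input, char *first, size_t firstlen)
{
    wordexp_t we;
    int rc = wordexp(input, &we, WRDE_NOCMD);
    if (rc != 0) {
        if (rc == WRDE_NOSPACE)      /* POSIX: partial results may exist */
            wordfree(&we);
        return -rc;
    }
    if (first && firstlen > 0) {
        if (we.we_wordc > 0) {
            strncpy(first, we.we_wordv[0], firstlen - 1);
            first[firstlen - 1] = '\0';
        } else {
            first[0] = '\0';
        }
    }
    int n = (int)we.we_wordc;
    wordfree(&we);
    return n;
}

/* 1 if `input` expands under WRDE_NOCMD to exactly one word equal to `expected`. */
int expands_to(const char *input, const char *expected)
{
    char buf[256];
    return expand_nocmd(input, buf, sizeof buf) == 1 && strcmp(buf, expected) == 0;
}

/* 1 if the libc refuses `input` under WRDE_NOCMD with WRDE_CMDSUB, which is
 * what a fixed wordexp() must do for every command-substitution shape. */
int rejected_as_cmdsub(const char *input)
{
    char buf[256];
    return expand_nocmd(input, buf, sizeof buf) == -WRDE_CMDSUB;
}

int main(void)
{
    /* Constructed samples: ordinary words, pure arithmetic, and the three
     * command-substitution shapes, the last being the $((…``)) form from the
     * advisory. On a libc with the fix, the last three are refused. */
    const char *samples[] = {
        "alpha beta", "$((1+2))", "`true`", "$(true)", "$((`true`))",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char first[256];
        int n = expand_nocmd(samples[i], first, sizeof first);
        if (n >= 0)
            printf("%-14s -> %d word(s), first = \"%s\"\n", samples[i], n, first);
        else
            printf("%-14s -> refused (%s)\n", samples[i],
                   n == -WRDE_CMDSUB ? "WRDE_CMDSUB" : "other error");
    }
    return 0;
}
```

Build with `cc wordexp_nocmd.c -o wordexp_nocmd` (file name is arbitrary) and run it. On a patched libc the `$((`true`))` line is reported as refused with WRDE_CMDSUB; on an eglibc without the DLA-97-1 fix that same line is reported as a successful expansion because the backticks were handed to a shell, which is exactly the behaviour the advisory describes and the reason to apply the update.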
