Ubuntu
icu package

Change log for icu package in Ubuntu

76150 of 161 results FirstLast
Superseded in xenial-release
Obsolete in wily-release
Deleted in wily-proposed (Reason: moved to release) 
icu (55.1-4ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: denial of service via mishandling of converter names
    with initial x- substrings
    - debian/patches/CVE-2015-1270.patch: fix patch so it actually applies.
    - CVE-2015-1270
  * SECURITY UPDATE: information disclosure via overflows
    - debian/patches/CVE-2015-2632.patch: properly calculate index in
      source/layout/Features.cpp, check for overflows in
      source/layout/LETableReference.h.
    - CVE-2015-2632

 -- Marc Deslauriers <email address hidden>  Fri, 11 Sep 2015 08:24:31 -0400
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
icu (55.1-4) unstable; urgency=low

  [ Helmut Grohne <email address hidden> ]
  * Support parallel building (closes: #794617).
  * Support cross compilation (closes: #784668).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 08 Aug 2015 10:39:07 +0000

Available diffs

Superseded in wily-proposed 
icu (55.1-3.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Fix build on hurd-i386 (Samuel Thibault). Closes: #794404.

 -- Matthias Klose <email address hidden>  Mon, 03 Aug 2015 12:21:04 +0200

Available diffs

Superseded in wily-proposed 
icu (55.1-3) unstable; urgency=high

  * Fix CVE-2015-1270 .
  * Add fixes for CVE-2014-6585.patch and CVE-2015-4760.patch .
  * Upload to unstable for GCC 5 transition (closes: #791072).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 02 Aug 2015 14:13:05 +0200
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
icu (52.1-10) unstable; urgency=high

  * Fix security bugs:
    - CVE-2015-4760 , missing boundary checks in layout engine,
    - CVE-2014-6585 , finish null pointer checks.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 17 Jul 2015 18:46:28 +0000

Available diffs

Superseded in wily-proposed 
icu (55.1-1build1) wily; urgency=medium

  * Build using GCC 5.
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
icu (52.1-9) unstable; urgency=high

  * Fix security bugs (closes: #784773):
    - CVE-2014-8146 , a heap overflow,
    - CVE-2014-8147 , an integer overflow.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Fri, 08 May 2015 20:35:32 +0000
Superseded in wily-release
Deleted in wily-proposed (Reason: moved to release) 
icu (52.1-8ubuntu1) wily; urgency=medium

  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

 -- Marc Deslauriers <email address hidden>  Fri, 08 May 2015 08:23:49 -0400
Superseded in vivid-updates
Superseded in vivid-security 
icu (52.1-8ubuntu0.1) vivid-security; urgency=medium

  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

 -- Marc Deslauriers <email address hidden>  Fri, 08 May 2015 08:29:07 -0400
Superseded in trusty-updates
Superseded in trusty-security 
icu (52.1-3ubuntu0.3) trusty-security; urgency=medium

  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

 -- Marc Deslauriers <email address hidden>  Fri, 08 May 2015 08:49:45 -0400
Obsolete in utopic-updates
Obsolete in utopic-security 
icu (52.1-6ubuntu0.3) utopic-security; urgency=medium

  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

 -- Marc Deslauriers <email address hidden>  Fri, 08 May 2015 08:49:12 -0400
Superseded in wily-release
Obsolete in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
icu (52.1-8) unstable; urgency=high


  * New maintainer (closes: #777694).
  * Update Standars-Version to 3.9.6 .

  [ Michael Gilbert <email address hidden> ]
  * Apply a more complete fix for CVE-2014-7940 (closes: #780503).
    - Thanks to Marc Deslauriers.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 17 Mar 2015 11:14:15 +0000

Available diffs

Superseded in precise-updates
Superseded in precise-security 
icu (4.8.1.1-3ubuntu0.5) precise-security; urgency=medium

  * SECURITY UPDATE: multiple issues via font file parsing (LP: #1429043)
    - debian/patches/layoutengine-security.patch: updated to fix ABI break
      and re-enabled.
    - debian/patches/CVE-2014-65xx.patch: re-enabled.
    - CVE-2013-1569
    - CVE-2013-2383
    - CVE-2013-2384
    - CVE-2013-2419
    - CVE-2014-6585
    - CVE-2014-6591
 -- Marc Deslauriers <email address hidden>   Mon, 09 Mar 2015 13:43:14 -0400
Superseded in precise-updates
Superseded in precise-security 
icu (4.8.1.1-3ubuntu0.4) precise-security; urgency=medium

  * SECURITY REGRESSION: libreoffice calc crash (LP: #1429043)
    - back out layoutengine-security.patch and CVE-2014-65xx.patch patches
      pending investigation.
 -- Marc Deslauriers <email address hidden>   Fri, 06 Mar 2015 11:36:47 -0500
Superseded in trusty-updates
Superseded in trusty-security 
icu (52.1-3ubuntu0.2) trusty-security; urgency=medium

  * SECURITY UPDATE: information disclosure via incorrect font file parsing
    - debian/patches/CVE-2014-65xx.patch: add checks to
      source/layout/ContextualSubstSubtables.cpp,
      source/layout/CursiveAttachmentSubtables.cpp,
      source/layout/Features.cpp,
      source/layout/LETableReference.h,
      source/layout/LigatureSubstSubtables.cpp,
      source/layout/MultipleSubstSubtables.cpp.
    - CVE-2014-6585
    - CVE-2014-6591
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7923.patch: add limits to
      source/i18n/regexcmp.cpp, add test to
      source/test/testdata/regextst.txt.
    - CVE-2014-7923
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7926.patch: fix incorrect optimization in
      source/i18n/regexcmp.cpp, fix comment in source/i18n/regexcmp.h,
      add test to source/test/testdata/regextst.txt.
    - CVE-2014-7926
  * SECURITY UPDATE: denial of service or possible code execution via
    uninitialized memory in the collator implementation
    - debian/patches/CVE-2014-7940.patch: properly handle memory in
      source/i18n/ucol.cpp.
    - CVE-2014-7940
  * SECURITY UPDATE: denial of service via incorrect pattern size limits
    - debian/patches/CVE-2014-9654.patch: check limits in
      source/common/unicode/utypes.h, source/common/utypes.c,
      source/i18n/regexcmp.cpp, source/i18n/regexcmp.h,
      source/i18n/regeximp.h, added test to
      source/test/intltest/regextst.cpp, source/test/intltest/regextst.h.
    - CVE-2014-9654
  * debian/patches/two-digit-year-test.patch: fix FTBFS caused by known
    test suite failure.
 -- Marc Deslauriers <email address hidden>   Wed, 04 Mar 2015 11:30:28 -0500
Superseded in utopic-updates
Superseded in utopic-security 
icu (52.1-6ubuntu0.2) utopic-security; urgency=medium

  * SECURITY UPDATE: information disclosure via incorrect font file parsing
    - debian/patches/CVE-2014-65xx.patch: add checks to
      source/layout/ContextualSubstSubtables.cpp,
      source/layout/CursiveAttachmentSubtables.cpp,
      source/layout/Features.cpp,
      source/layout/LETableReference.h,
      source/layout/LigatureSubstSubtables.cpp,
      source/layout/MultipleSubstSubtables.cpp.
    - CVE-2014-6585
    - CVE-2014-6591
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7923.patch: add limits to
      source/i18n/regexcmp.cpp, add test to
      source/test/testdata/regextst.txt.
    - CVE-2014-7923
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7926.patch: fix incorrect optimization in
      source/i18n/regexcmp.cpp, fix comment in source/i18n/regexcmp.h,
      add test to source/test/testdata/regextst.txt.
    - CVE-2014-7926
  * SECURITY UPDATE: denial of service or possible code execution via
    uninitialized memory in the collator implementation
    - debian/patches/CVE-2014-7940.patch: properly handle memory in
      source/i18n/ucol.cpp.
    - CVE-2014-7940
  * SECURITY UPDATE: denial of service via incorrect pattern size limits
    - debian/patches/CVE-2014-9654.patch: check limits in
      source/common/unicode/utypes.h, source/common/utypes.c,
      source/i18n/regexcmp.cpp, source/i18n/regexcmp.h,
      source/i18n/regeximp.h, added test to
      source/test/intltest/regextst.cpp, source/test/intltest/regextst.h.
    - CVE-2014-9654
 -- Marc Deslauriers <email address hidden>   Wed, 04 Mar 2015 11:33:14 -0500
Superseded in precise-updates
Superseded in precise-security 
icu (4.8.1.1-3ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: multiple issues via incorrect font file parsing
    - debian/patches/layoutengine-security.patch: backport a whole new
      layout engine to source/layout/*, as provided by upstream.
    - CVE-2013-1569
    - CVE-2013-2383
    - CVE-2013-2384
    - CVE-2013-2419
  * SECURITY UPDATE: information disclosure via incorrect font file parsing
    - debian/patches/CVE-2014-65xx.patch: add checks to
      source/layout/ContextualSubstSubtables.cpp,
      source/layout/CursiveAttachmentSubtables.cpp,
      source/layout/Features.cpp,
      source/layout/LETableReference.h,
      source/layout/LigatureSubstSubtables.cpp,
      source/layout/MultipleSubstSubtables.cpp.
    - CVE-2014-6585
    - CVE-2014-6591
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7923.patch: add limits to
      source/i18n/regexcmp.cpp, add test to
      source/test/testdata/regextst.txt.
    - CVE-2014-7923
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7926.patch: fix incorrect optimization in
      source/i18n/regexcmp.cpp, fix comment in source/i18n/regexcmp.h,
      add test to source/test/testdata/regextst.txt.
    - CVE-2014-7926
  * SECURITY UPDATE: denial of service or possible code execution via
    uninitialized memory in the collator implementation
    - debian/patches/CVE-2014-7940.patch: properly handle memory in
      source/i18n/ucol.cpp.
    - CVE-2014-7940
  * SECURITY UPDATE: denial of service via incorrect pattern size limits
    - debian/patches/CVE-2014-9654.patch: fix case insensitive matches and
      check limits in source/common/unicode/utypes.h,
      source/common/utypes.c,
      source/i18n/regexcmp.cpp, source/i18n/regexcmp.h,
      source/i18n/regeximp.h, source/i18n/i18n.vcxproj.filters,
      source/i18n/unicode/regex.h, source/i18n/regeximp.cpp,
      source/i18n/rematch.cpp, source/i18n/i18n.vcxproj,
      source/i18n/Makefile.in, added tests to
      source/test/intltest/regextst.cpp, source/test/intltest/regextst.h,
      source/test/testdata/regextst.txt.
    - CVE-2014-9654
  * debian/rules: added cdbs autotools rule and adjust DEB_SRCDIR so test
    suite gets run during build.
  * debian/patches/two-digit-year-test.patch: fix test suite failure.
 -- Marc Deslauriers <email address hidden>   Wed, 04 Mar 2015 11:14:58 -0500
Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
icu (52.1-7.1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Unfixed issue from the previous upload (closes: #776264)
    - CVE-2014-6585: out-of-bounds read.
  * Issues fixed in chromium 40.0.2214.91 (closes: #776265, #776719).
    - CVE-2014-7923: memory corruption in regular expression comparison.
    - CVE-2014-7926: memory corruption in regular expression comparison.
    - CVE-2014-7940: uninitialized memory in i18n/icol.cpp.
    - CVE-2014-9654: more regular expression handling issues.

 -- Michael Gilbert <email address hidden>  Sun, 15 Feb 2015 22:19:14 +0000

Available diffs

Superseded in vivid-release
Deleted in vivid-proposed (Reason: moved to release) 
icu (52.1-7) unstable; urgency=high


  * Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
    (Closes: #775884)

 -- Jay Berkenbilt <email address hidden>  Wed, 21 Jan 2015 21:33:19 -0500

Available diffs

Superseded in vivid-release
Obsolete in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
icu (52.1-6) unstable; urgency=medium


  * Ensure that only flags intended to be set by users make it into
    icu-config. Previously hardening flags were sneaking in there.
    (Closes: #759792)

 -- Jay Berkenbilt <email address hidden>  Mon, 29 Sep 2014 09:59:09 -0400

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
icu (52.1-5) unstable; urgency=medium


  * Switch hardening back to dpkg-buildflags. It wasn't previously working
    but now is, probably because of other bugfixes that have happened in
    the mean time.

 -- Jay Berkenbilt <email address hidden>  Sat, 26 Jul 2014 12:54:32 -0400

Available diffs

Superseded in utopic-release
Deleted in utopic-proposed (Reason: moved to release) 
icu (52.1-4) unstable; urgency=medium


  * Fix test case that fails with gcc 4.9. Fix is from upstream. (Closes:
    #746860)

 -- Jay Berkenbilt <email address hidden>  Sat, 21 Jun 2014 16:52:47 -0400

Available diffs

Superseded in utopic-release
Published in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
icu (52.1-3) unstable; urgency=medium


  * Add package dependency information to assist with upgrades in Ubuntu.
    This eliminates the need for a delta on the Ubuntu version of the
    package.

 -- Jay Berkenbilt <email address hidden>  Tue, 24 Dec 2013 11:45:03 -0500
Superseded in trusty-proposed 
icu (52.1-2ubuntu1) trusty; urgency=medium

  * Merge from Debian, remaining changes (LP: #1263706):
    - Add icu-tools to icu-devtools Breaks & Replaces, to allow smooth
      upgrades on ubuntu 13.10 -> 14.04. Drop after Trusty release.
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
icu (4.8.1.1-13+nmu1ubuntu1) trusty; urgency=low

  * Add icu-tools to icu-devtools Breaks & Replaces, to allow smooth
    upgrades on ubuntu. Needed until after Trusty release.
 -- Dmitrijs Ledkovs <email address hidden>   Thu, 31 Oct 2013 15:14:22 +0000
Superseded in trusty-release
Deleted in trusty-proposed (Reason: moved to release) 
icu (4.8.1.1-13+nmu1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-2924: use-after-free issue in csrucode.cpp (closes: #726477).

 -- Michael Gilbert <email address hidden>  Sun, 27 Oct 2013 03:49:58 +0000
Superseded in trusty-release
Obsolete in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
icu (4.8.1.1-12ubuntu2) saucy; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    use after free.
    - debian/patches/CVE-2013-2924.patch: check lengths in
      source/i18n/csrucode.cpp.
    - CVE-2013-2924
 -- Marc Deslauriers <email address hidden>   Thu, 10 Oct 2013 10:28:18 -0400
Superseded in precise-updates
Superseded in precise-security 
icu (4.8.1.1-3ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    race condition.
    - debian/patches/CVE-2013-0900.patch: fix thread safety issue in
      source/common/locid.cpp, source/common/unicode/locid.h.
    - CVE-2013-0900
  * SECURITY UPDATE: denial of service and possible code execution via
    use after free.
    - debian/patches/CVE-2013-2924.patch: check lengths in
      source/i18n/csrucode.cpp.
    - CVE-2013-2924
 -- Marc Deslauriers <email address hidden>   Thu, 10 Oct 2013 10:40:19 -0400
Obsolete in raring-updates
Obsolete in raring-security 
icu (4.8.1.1-12ubuntu0.1) raring-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    use after free.
    - debian/patches/CVE-2013-2924.patch: check lengths in
      source/i18n/csrucode.cpp.
    - CVE-2013-2924
 -- Marc Deslauriers <email address hidden>   Thu, 10 Oct 2013 10:31:53 -0400
Obsolete in quantal-updates
Obsolete in quantal-security 
icu (4.8.1.1-8ubuntu0.1) quantal-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    race condition.
    - debian/patches/CVE-2013-0900.patch: fix thread safety issue in
      source/common/locid.cpp, source/common/unicode/locid.h.
    - CVE-2013-0900
  * SECURITY UPDATE: denial of service and possible code execution via
    use after free.
    - debian/patches/CVE-2013-2924.patch: check lengths in
      source/i18n/csrucode.cpp.
    - CVE-2013-2924
 -- Marc Deslauriers <email address hidden>   Thu, 10 Oct 2013 10:33:37 -0400
Superseded in saucy-release
Deleted in saucy-proposed (Reason: moved to release) 
icu (4.8.1.1-12ubuntu1) saucy; urgency=low

  * Multi-arch libicu-dev. (Closes: #699763)
 -- Dmitrijs Ledkovs <email address hidden>   Fri, 16 Aug 2013 18:14:41 +0100
Superseded in saucy-release
Obsolete in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-12) unstable; urgency=high


  * Add patch to address CVE-2013-0900, a threading race condition.
    (Closes: #702346)

 -- Jay Berkenbilt <email address hidden>  Thu, 21 Mar 2013 11:29:08 -0400

Available diffs

Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-11) unstable; urgency=medium


  * Fix crash on rendering incremental Malayalam text input.  Thanks Colin
    Watson. (Closes: #702982)

 -- Jay Berkenbilt <email address hidden>  Sat, 16 Mar 2013 14:58:15 -0400
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-10ubuntu1) raring; urgency=low

  * Fix crash on rendering incremental Malayalam text input (LP: #1130284).
 -- Colin Watson <email address hidden>   Wed, 13 Mar 2013 16:13:05 +0000
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-10) unstable; urgency=low


  * Include pkg-config files in dev package.  Thanks Tommi Vainikainen.
    (Closes: #687339)

 -- Jay Berkenbilt <email address hidden>  Sat, 17 Nov 2012 14:37:40 -0500
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-9ubuntu1) raring; urgency=low

  * debian/libicu-dev.install: Install .pc files (LP: #1037588).
 -- Thomas Bechtold <email address hidden>   Tue, 13 Nov 2012 12:16:57 +0100
Superseded in raring-release
Deleted in raring-proposed (Reason: moved to release) 
icu (4.8.1.1-9) unstable; urgency=low


  * debian/rules: Use xz compression for binary packages.
    (Closes: #683901)

 -- Jay Berkenbilt <email address hidden>  Sat, 11 Aug 2012 12:41:28 -0400

Available diffs

Superseded in raring-release
Obsolete in quantal-release 
icu (4.8.1.1-8) unstable; urgency=low


  * Switch hardening back to hardening-wrapper again since otherwise some
    things sneak into icu-config's output.

 -- Jay Berkenbilt <email address hidden>  Tue, 05 Jun 2012 14:27:27 -0400

Available diffs

Superseded in quantal-release 
icu (4.8.1.1-7) unstable; urgency=low


  * Switch hardening back to dpkg-buildoptions.
  * Fix doc install for newer doxygen.  (Closes: #674382)

 -- Jay Berkenbilt <email address hidden>  Thu, 24 May 2012 13:55:13 -0400

Available diffs

Superseded in quantal-release 
icu (4.8.1.1-6) unstable; urgency=low


  * Remove 32-bit packages built on 64-bit architectures, and enable
    Multiarch.  (Closes: #665416)

 -- Jay Berkenbilt <email address hidden>  Sun, 22 Apr 2012 08:40:16 -0400

Available diffs

Superseded in quantal-release 
icu (4.8.1.1-5) unstable; urgency=low


  * Enable security hardening flags.  Thanks to Simon Ruderich for doing
    100% of the work, sending a clean patch, and providing clear
    instructions on how to verify.  (Closes: #663601)

 -- Jay Berkenbilt <email address hidden>  Fri, 23 Mar 2012 22:45:55 -0400

Available diffs

Obsolete in maverick-updates
Obsolete in maverick-security 
icu (4.2.1-3ubuntu0.10.10.1) maverick-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    out of bounds access
    - debian/patches/CVE-2011-4599.patch: add bounds checks in
      source/common/uloc.c.
    - CVE-2011-4599
 -- Marc Deslauriers <email address hidden>   Wed, 25 Jan 2012 15:11:21 -0500
Obsolete in lucid-updates
Obsolete in lucid-security 
icu (4.2.1-3ubuntu0.10.04.1) lucid-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    out of bounds access
    - debian/patches/CVE-2011-4599.patch: add bounds checks in
      source/common/uloc.c.
    - CVE-2011-4599
 -- Marc Deslauriers <email address hidden>   Wed, 25 Jan 2012 15:13:36 -0500
Obsolete in natty-updates
Obsolete in natty-security 
icu (4.4.2-2ubuntu0.11.04.1) natty-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    out of bounds access
    - debian/patches/CVE-2011-4599.patch: add bounds checks in
      source/common/uloc.c.
    - CVE-2011-4599
 -- Marc Deslauriers <email address hidden>   Wed, 25 Jan 2012 14:39:39 -0500
Obsolete in oneiric-updates
Obsolete in oneiric-security 
icu (4.4.2-2ubuntu0.11.10.1) oneiric-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    out of bounds access
    - debian/patches/CVE-2011-4599.patch: add bounds checks in
      source/common/uloc.c.
    - CVE-2011-4599
 -- Marc Deslauriers <email address hidden>   Wed, 25 Jan 2012 14:21:17 -0500
Superseded in quantal-release
Published in precise-release 
icu (4.8.1.1-3) unstable; urgency=high


  * Add patch to address CVE-2011-4599, a potential buffer overflow.
    (Closes: #654883)

 -- Jay Berkenbilt <email address hidden>  Sat, 21 Jan 2012 19:44:44 -0500

Available diffs

Superseded in precise-release 
icu (4.8.1.1-2) unstable; urgency=low

  * debian/patches/icudata-stdlibs.patch: Link stdlibs to libicudata so we
    get reasonably sane ELF headers on armhf.  Thanks Adam Conrad
    <email address hidden>.  (Closes: #653457)
 -- Adam Conrad <adconrad@0c3.net>   Wed,  04 Jan 2012 17:26:13 +0000

Available diffs

Superseded in precise-release 
icu (4.8.1.1-1ubuntu1) precise; urgency=low

  * debian/patches/link-stdlibs.patch: Link stdlibs to libicudata
    so we get reasonably sane ELF headers on armhf.
 -- Adam Conrad <email address hidden>   Sun, 04 Dec 2011 02:53:18 -0700

Available diffs

Superseded in precise-release 
icu (4.8.1.1-1) unstable; urgency=low

  * New upstream release
  * Add simple patch to define PATH_MAX when not defined.  Not an ideal
    solution, but it will do for now.  (Closes: #643661)

Available diffs

Superseded in precise-release
Obsolete in oneiric-release
Obsolete in natty-release 
icu (4.4.2-2) unstable; urgency=low

  * Apply patch to fix Malayam rendering.  (Closes: #591615)
 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  26 Nov 2010 09:05:59 +0000

Available diffs

Superseded in natty-release 
icu (4.4.2-1) unstable; urgency=low

  * New upstream release
  * Updated standards version to 3.9.1; no changes required
 -- Ubuntu Archive Auto-Sync <email address hidden>   Mon,  18 Oct 2010 08:38:24 +0000

Available diffs

Superseded in natty-release 
icu (4.4.1-6) unstable; urgency=low

  * Include patch from Alexander Kurtz to solve failure to build from
    source resulting from doxygen generating different files.  (Closes:
    #590393)

Available diffs

Superseded in natty-release
Obsolete in maverick-release
Obsolete in lucid-release 
icu (4.2.1-3) unstable; urgency=low

  * Change install-doc target to not fail if there are subdirectories of
    doc/html.  This is necessary to handle the doc/html/search directory
    created by doxygen 3.6.1.  (Closes: #544799)

Available diffs

Superseded in lucid-release
Obsolete in karmic-release 
icu (4.0.1-2ubuntu2) karmic; urgency=low

  * No change rebuild to fix misbuilt binaries on armel.

 -- Loic Minier <email address hidden>   Wed, 21 Oct 2009 14:45:37 +0200

Available diffs

Obsolete in hardy-updates
Obsolete in hardy-security 
icu (3.8-6ubuntu0.2) hardy-security; urgency=low

  * SECURITY UPDATE: fix improper handling of invalid byte sequences
    during Unicode conversion
    - debian/07-CVE-2009-0153.patch: backported patch thanks to RedHat via
      Debian
    - 03-redhat.icu5797.patch, 04-redhat.icu6001.patch, and
      05-redhat.icu6002.patch required for applying 07-CVE-2009-0153.patch
      with 06-CVE-2008-1036.patch needing adjustments. Patch from Debian.
    - CVE-2009-0153

 -- Jamie Strandboge <email address hidden>   Wed, 07 Oct 2009 11:33:48 -0500

Available diffs

Obsolete in intrepid-updates
Obsolete in intrepid-security 
icu (3.8.1-2ubuntu0.2) intrepid-security; urgency=low

  * SECURITY UPDATE: fix improper handling of invalid byte sequences
    during Unicode conversion
    - debian/07-CVE-2009-0153.patch: backported patch thanks to RedHat via
      Debian
    - 03-redhat.icu5797.patch, 04-redhat.icu6001.patch, and
      05-redhat.icu6002.patch required for applying 07-CVE-2009-0153.patch
      with 06-CVE-2008-1036.patch needing adjustments. Patch from Debian.
    - CVE-2009-0153

 -- Jamie Strandboge <email address hidden>   Wed, 07 Oct 2009 10:52:20 -0500
Obsolete in jaunty-updates
Obsolete in jaunty-security 
icu (3.8.1-3ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: fix improper handling of invalid byte sequences
    during Unicode conversion
    - debian/07-CVE-2009-0153.patch: backported patch thanks to RedHat via
      Debian
    - 03-redhat.icu5797.patch, 04-redhat.icu6001.patch, and
      05-redhat.icu6002.patch required for applying 07-CVE-2009-0153.patch
      with 06-CVE-2008-1036.patch needing adjustments. Patch from Debian.
    - CVE-2009-0153

 -- Jamie Strandboge <email address hidden>   Wed, 07 Oct 2009 10:29:13 -0500
Superseded in karmic-release 
icu (4.0.1-2ubuntu1) karmic; urgency=low

  * Backport from unstable (Jay Berkenbilt):
    - Change install-doc target to not fail if there are subdirectories of
      doc/html.  This is necessary to handle the doc/html/search directory
      created by doxygen 3.6.1.

 -- Colin Watson <email address hidden>   Wed, 07 Oct 2009 10:43:39 +0100

Available diffs

Superseded in karmic-release 
icu (4.0.1-2) unstable; urgency=low

  * Include work-around from 3.8.1-3, inadvertently omitted from 4.0.1-1.

Available diffs

Superseded in karmic-release
Obsolete in jaunty-release 
icu (3.8.1-3ubuntu1) jaunty; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2009 08:37:53 -0400

Available diffs

Superseded in intrepid-updates
Superseded in intrepid-security 
icu (3.8.1-2ubuntu0.1) intrepid-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2009 09:09:07 -0400
Superseded in hardy-updates
Superseded in hardy-security 
icu (3.8-6ubuntu0.1) hardy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2009 09:55:21 -0400
Obsolete in gutsy-updates
Obsolete in gutsy-security 
icu (3.6-3ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2009 10:54:08 -0400
Obsolete in dapper-updates
Obsolete in dapper-security 
icu (3.4.1a-1ubuntu1.6.06.2) dapper-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>   Wed, 25 Mar 2009 11:29:29 -0400
Superseded in jaunty-release 
icu (3.8.1-3) unstable; urgency=medium

  * Work around gcc internal error on armel.  Temporary until bug 484053
    is resolved.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Tue,  04 Nov 2008 21:26:17 +0000

Available diffs

Superseded in jaunty-release
Obsolete in intrepid-release 
icu (3.8.1-2) unstable; urgency=low

  * Patch from Harshula to fix split conjuncts problem in
    Sinhala. (Closes: #483563)
  * Force structures to be padded at byte boundaries (rather than 32-bit
    boundaries) on arm. (Closes: #484138)
  * Update doc-base section.

 -- Ubuntu Archive Auto-Sync <email address hidden>   Sun,  08 Jun 2008 21:02:13 +0100

Available diffs

Superseded in intrepid-release 
icu (3.8.1-1) unstable; urgency=low

  * New upstream release
  * Patch to support GNU/kFreeBSD.  Thanks Aurelien Jarno.  (Closes: #
    461782)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Fri,  02 May 2008 02:09:10 +0100
Superseded in gutsy-updates
Superseded in gutsy-security 
icu (3.6-3ubuntu0.1) gutsy-security; urgency=low

  * SECURITY UPDATE: possible read from and write to out of bounds memory
    locations via back reference '\0' in regular expressions
  * SECURITY UPDATE: denial of service due to memory exhaustion via a
    crafted regular expression
  * debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
    return error on invalid back reference. fix rematch.cpp, uvectr32.h and
    uvectr32.cpp to return error when capacity is greater than maxCapacity
  * References
    CVE-2007-4770
    CVE-2007-4771
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden>   Thu, 20 Mar 2008 14:45:37 -0400
Obsolete in feisty-updates
Obsolete in feisty-security 
icu (3.6-2ubuntu0.1) feisty-security; urgency=low

  * SECURITY UPDATE: possible read from and write to out of bounds memory
    locations via back reference '\0' in regular expressions
  * SECURITY UPDATE: denial of service due to memory exhaustion via a
    crafted regular expression
  * debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
    return error on invalid back reference. fix rematch.cpp, uvectr32.h and
    uvectr32.cpp to return error when capacity is greater than maxCapacity
  * References
    CVE-2007-4770
    CVE-2007-4771
  * Modify Maintainer value to match the DebianMaintainerField
    specification.

 -- Jamie Strandboge <email address hidden>   Thu, 20 Mar 2008 14:45:12 -0400
Obsolete in edgy-updates
Obsolete in edgy-security 
icu (3.4.1a-1ubuntu1.6.10.1) edgy-security; urgency=low

  * SECURITY UPDATE: possible read from and write to out of bounds memory
    locations via back reference '\0' in regular expressions
  * SECURITY UPDATE: denial of service due to memory exhaustion via a
    crafted regular expression
  * debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
    return error on invalid back reference. fix rematch.cpp, uvectr32.h and
    uvectr32.cpp to return error when capacity is greater than maxCapacity
  * References
    CVE-2007-4770
    CVE-2007-4771

 -- Jamie Strandboge <email address hidden>   Thu, 20 Mar 2008 14:29:07 -0400
Superseded in dapper-updates
Superseded in dapper-security 
icu (3.4.1a-1ubuntu1.6.06.1) dapper-security; urgency=low

  * SECURITY UPDATE: possible read from and write to out of bounds memory
    locations via back reference '\0' in regular expressions
  * SECURITY UPDATE: denial of service due to memory exhaustion via a
    crafted regular expression
  * debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
    return error on invalid back reference. fix rematch.cpp, uvectr32.h and
    uvectr32.cpp to return error when capacity is greater than maxCapacity
  * References
    CVE-2007-4770
    CVE-2007-4771

 -- Jamie Strandboge <email address hidden>   Thu, 20 Mar 2008 14:31:40 -0400
Superseded in intrepid-release
Obsolete in hardy-release 
icu (3.8-6) unstable; urgency=high

  * Add debian/patches/00-cve-2007-4770-4771.patch created from with
    svn diff -c 23292 \
    http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8
    to address the following security vulnerablilities:
     - CVE-2007-4770: reference to non-existent capture group may
       cause access to invalid memory
     - CVE-2007-4771: buffer overflow in regexcmp.cpp
    (Closes: #463688)
  * Updated standards version to 3.7.3: no changes required.

 -- Michael Bienia <email address hidden>   Fri,  08 Feb 2008 13:24:37 +0000
Superseded in hardy-release 
icu (3.8-5) unstable; urgency=low

  * Filter out extraneous dependencies among different versions of the
    library packages. (Closes: #451767, 451978)
Superseded in hardy-release 
icu (3.6-10) unstable; urgency=low

  * It appears that amd64 requires 32-bit libraries to be in
    /emul/ia32-linux/usr/lib instead of /usr/lib32.  Following zlib's
    example of moving them around for amd64 only. (Closes: #451495)
Superseded in hardy-release 
icu (3.6-8) unstable; urgency=low

  * Clean up 32-bit library patch to avoid excessive and unnecessary runs
    of configure. (Closes: #447771)
  * make setBreakType public in rbbi.h; needed by OpenOffice.org.  This
    patch is included in OpenOffice.org's internal ICU.  Including it here
    allows OpenOffice.org to continue to use this ICU package.  Thanks
    Rene Engelhard.  (Closes: #448745)
  * Rename debian/watch.not-yet to debian/no-watch so it won't get picked
    up even though it's not supposed to.  ICU's ftp site uses a structure
    that isn't supported by uscan.  (Closes: #449701)

 -- Ubuntu Archive Auto-Sync <email address hidden>   Thu,  15 Nov 2007 10:46:40 +0000
76150 of 161 results FirstLast