icu (3.4.1a-1ubuntu1.6.06.2) dapper-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden>  Wed, 25 Mar 2009 11:29:29 -0400

icu (3.4.1a-1ubuntu1.6.06.1) dapper-security; urgency=low

  * SECURITY UPDATE: possible read from and write to out of bounds memory
    locations via back reference '\0' in regular expressions
  * SECURITY UPDATE: denial of service due to memory exhaustion via a
    crafted regular expression
  * debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
    return error on invalid back reference. fix rematch.cpp, uvectr32.h and
    uvectr32.cpp to return error when capacity is greater than maxCapacity
  * References
    CVE-2007-4770
    CVE-2007-4771

 -- Jamie Strandboge <email address hidden>  Thu, 20 Mar 2008 14:31:40 -0400

icu (3.4.1a-1ubuntu1) dapper; urgency=low

  * Synchronize with Debian unstable.

 -- Matthias Klose <email address hidden>  Mon, 24 Apr 2006 18:37:52 +0000

icu (3.4-4ubuntu1) dapper; urgency=low

  * Fix Bengali rendering. Ubuntu #35085.

 -- Matthias Klose <email address hidden>  Wed, 15 Mar 2006 20:55:47 +0000

icu (3.4-4build1) dapper; urgency=low

  * Rebuild using g++-4.0.

 -- Matthias Klose <email address hidden>  Thu, 16 Feb 2006 04:04:59 +0100

icu (3.4-3) unstable; urgency=low

  * Explicitly build with g++ 3.4. The current ICU fails its test suite
    with 4.0 but not with 3.4. Future versions should work properly with
    4.0.

 -- Jay Berkenbilt <email address hidden>  Sat, 19 Nov 2005 11:29:31 -0500