-
icu (3.8-6ubuntu0.2) hardy-security; urgency=low
* SECURITY UPDATE: fix improper handling of invalid byte sequences
during Unicode conversion
- debian/07-CVE-2009-0153.patch: backported patch thanks to RedHat via
Debian
- 03-redhat.icu5797.patch, 04-redhat.icu6001.patch, and
05-redhat.icu6002.patch required for applying 07-CVE-2009-0153.patch
with 06-CVE-2008-1036.patch needing adjustments. Patch from Debian.
- CVE-2009-0153
-- Jamie Strandboge <email address hidden> Wed, 07 Oct 2009 11:33:48 -0500
-
icu (3.8-6ubuntu0.1) hardy-security; urgency=low
* SECURITY UPDATE: Cross-site scripting attack via invalid character
sequences (LP: #341834)
- debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
invalid character sequences. Also, add test case to
source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
- CVE-2008-1036
-- Marc Deslauriers <email address hidden> Wed, 25 Mar 2009 09:55:21 -0400
-
icu (3.8-6) unstable; urgency=high
* Add debian/patches/00-cve-2007-4770-4771.patch created with
svn diff -c 23292 \
http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8
to address the following security vulnerabilities:
- CVE-2007-4770: reference to non-existent capture group may
cause access to invalid memory
- CVE-2007-4771: buffer overflow in regexcmp.cpp
(Closes: #463688)
* Updated standards version to 3.7.3: no changes required.
-- Michael Bienia <email address hidden> Fri, 08 Feb 2008 13:24:37 +0000
-
icu (3.8-5) unstable; urgency=low
* Filter out extraneous dependencies among different versions of the
library packages. (Closes: #451767, 451978)
icu (3.8-4) experimental; urgency=low
* Include changes from 3.6-10.
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 03 Dec 2007 09:53:16 +0000
-
icu (3.6-10) unstable; urgency=low
* It appears that amd64 requires 32-bit libraries to be in
/emul/ia32-linux/usr/lib instead of /usr/lib32. Following zlib's
example of moving them around for amd64 only. (Closes: #451495)
icu (3.6-9) unstable; urgency=low
* Yet another 32-bit library fix. Files were installed in /32 because
of the debian/tmp32 thing. How did this ever work? (Closes: #451495)
-- Ubuntu Archive Auto-Sync <email address hidden> Mon, 19 Nov 2007 14:05:15 +0000
-
icu (3.6-8) unstable; urgency=low
* Clean up 32-bit library patch to avoid excessive and unnecessary runs
of configure. (Closes: #447771)
* make setBreakType public in rbbi.h; needed by OpenOffice.org. This
patch is included in OpenOffice.org's internal ICU. Including it here
allows OpenOffice.org to continue to use this ICU package. Thanks
Rene Engelhard. (Closes: #448745)
* Rename debian/watch.not-yet to debian/no-watch so it won't get picked
up even though it's not supposed to. ICU's ftp site uses a structure
that isn't supported by uscan. (Closes: #449701)
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 15 Nov 2007 10:46:40 +0000
-
icu (3.6-7) unstable; urgency=low
* Fix bug in which 32-bit library installs were overwriting files for
64-bit libraries on amd64. Thanks Robert Millan for the patch.
(Closes: #447275).
icu (3.6-6) unstable; urgency=low
* Oops: fixed one more problem with 32-bit builds on a 64-bit platform.
Thanks Aaron Ucko. (Closes: #398778)
icu (3.6-5) unstable; urgency=low
* Add additional Build-Depends for 64-bit platforms. Thanks Robert
Millan. (Closes: #398778)
icu (3.6-4) unstable; urgency=low
* Accepted patch from Robert Millan (with very slight, mostly cosmetic
modifications) to build 32-bit libraries on 64-bit architectures.
Many thanks to Robert Millan for supplying this patch! (Closes:
#398778)
-- Ubuntu Archive Auto-Sync <email address hidden> Tue, 23 Oct 2007 16:40:33 +0100
-
icu (3.6-3) unstable; urgency=low
* Include patch from Samuel Thibault to allow icu to build on gnu hurd.
(Closes: #414446)
-- Matthias Klose <email address hidden> Fri, 20 Jul 2007 09:51:07 +0100