-
icu (57.1-5ubuntu0.2) zesty-security; urgency=medium
* SECURITY UPDATE: double free
- debian/patches/CVE-2017-14952.patch: fixes double free in
createMetaZoneMappings() source/i18n/zonemeta.cpp.
- CVE-2017-14952
-- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Oct 2017 09:15:41 -0300
-
icu (57.1-5ubuntu0.1) zesty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds write in common/utext.cpp
(LP: #1684298)
- debian/patches/CVE-2017-786x.patch: properly handle chunk size in
source/common/utext.cpp, added test to
source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
- CVE-2017-7867
- CVE-2017-7868
-- Marc Deslauriers <email address hidden> Tue, 02 May 2017 08:14:14 -0400
-
icu (57.1-5) unstable; urgency=high
* Backport upstream fix for CVE-2016-7415: stack-based buffer overflow in
the Locale class via a long locale string (closes: #838694).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 26 Nov 2016 10:58:31 +0000
-
icu (57.1-4) unstable; urgency=high
* Backport upstream fix for CVE-2016-0494: integer signedness issue in
IndicRearrangementProcessor.
* Backport upstream fix for CVE-2016-6293: the uloc_acceptLanguageFromHTTP
function does not ensure that there is a '\0' character at the end of a
certain temporary array.
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 07 Sep 2016 22:17:44 +0000