Ubuntu
icu package

Sync icu 52.1-9 (main) from Debian unstable (main)

Bug #1455823 reported by Artur Rona on 2015-05-16

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	icu (Ubuntu)	Fix Released	Wishlist	Unassigned

Bug Description

Please sync icu 52.1-9 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

CVE is fixed in Debian, as well.

Changelog entries since current wily version 52.1-8ubuntu1:

icu (52.1-9) unstable; urgency=high

  * Fix security bugs (closes: #784773):
    - CVE-2014-8146 , a heap overflow,
    - CVE-2014-8147 , an integer overflow.

-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 08 May 2015 20:35:32 +0000

CVE References

Artur Rona (ari-tczew) on 2015-05-16

Changed in icu (Ubuntu):
importance:	Undecided → Wishlist

Revision history for this message

Daniel Holbach (dholbach) wrote on 2015-05-17:

This bug was fixed in the package icu - 52.1-9
Sponsored for Artur Rona (ari-tczew)

---------------
icu (52.1-9) unstable; urgency=high

  * Fix security bugs (closes: #784773):
    - CVE-2014-8146 , a heap overflow,
    - CVE-2014-8147 , an integer overflow.

-- Laszlo Boszormenyi (GCS) <email address hidden> Fri, 08 May 2015 20:35:32 +0000

Changed in icu (Ubuntu):
status:	New → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntuicu package