Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2008-1036

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Related bugs and status

CVE-2008-1036 (Candidate) is related to these bugs:

Bug #341834: empty segment fixes

Summary				In	Importance	Status
	341834	empty segment fixes		icu (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

APPLE: APPLE-SA-2008-05-28
CERT: TA08-150A
BID: 29412
SECTRACK: 1020139
SECUNIA: 30430
BID: 29488
REDHAT: RHSA-2009:0296
SECUNIA: 34290
UBUNTU: USN-747-1
DEBIAN: DSA-1762
MISC: http://wiki.rpath.com/...
SECUNIA: 34777
VUPEN: ADV-2008-1697
XF: macosx-icu-security-by...
OVAL: oval:org.mitre.oval:de...