empty segment fixes
Bug #341834 reported by Kees Cook
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
icu (Ubuntu) | Fix Released | Undecided | Marc Deslauriers | |
Bug Description
International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
CVE-2008-1036
Attached fix is from upstream, thanks to RedHat
CVE References
Changed in icu (Ubuntu):
assignee: nobody → mdeslaur
status: New → In Progress
This bug was fixed in the package icu - 3.6-3ubuntu0.2
---------------
icu (3.6-3ubuntu0.2) gutsy-security; urgency=low
* SECURITY UPDATE: Cross-site scripting attack via invalid character
sequences (LP: #341834)
- debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
invalid character sequences. Also, add test case to
source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
- CVE-2008-1036
-- Marc Deslauriers <email address hidden> Wed, 25 Mar 2009 10:54:08 -0400
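
Why omitting rather than replacing invalid sequences matters for the XSS risk in the bug description and for the "replace invalid character sequences" change in the changelog, as an added example that is not part of the bug report or the ICU patch. Python's built-in UTF-8 decoder stands in for the converter (the patch itself touches ucnv2022.c and ucnvhz.c), and the byte-level filter and sample input are constructed for illustration.

```python
# Added illustration; not ICU code. Python's UTF-8 decoder stands in for the
# converter, and the byte-level filter is a hypothetical pre-conversion check.
REPLACEMENT = "\ufffd"

# Constructed sample: one invalid byte (0xFF) splits the tag the filter looks for.
SAMPLE = b"<scr\xffipt>x</scr\xffipt>"
BLOCKED = (b"<script",)


def passes_byte_filter(raw: bytes) -> bool:
    """Hypothetical filter that inspects the raw bytes before conversion."""
    lowered = raw.lower()
    return not any(marker in lowered for marker in BLOCKED)


def convert_omitting(raw: bytes) -> str:
    """Behaviour described in the CVE: invalid sequences silently vanish."""
    return raw.decode("utf-8", errors="ignore")


def convert_replacing(raw: bytes) -> str:
    """Behaviour named in the changelog: invalid sequences become U+FFFD."""
    return raw.decode("utf-8", errors="replace")


def audit(raw: bytes) -> dict:
    """Report whether conversion changes what the byte filter approved."""
    omitted = convert_omitting(raw)
    replaced = convert_replacing(raw)
    return {
        "filter_passed": passes_byte_filter(raw),
        "omit_has_tag": "<script" in omitted.lower(),
        "replace_has_tag": "<script" in replaced.lower(),
        # Counts U+FFFD in the output; exact here because the constructed
        # sample contains no literal U+FFFD of its own.
        "invalid_sequences": replaced.count(REPLACEMENT),
    }


if __name__ == "__main__":
    for key, value in audit(SAMPLE).items():
        print(f"{key}: {value}")
```

With omission, the text that reaches the output differs from what the filter inspected. With replacement, the invalid position stays visible as U+FFFD and the blocked token never forms.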