[Bug 1684298] [NEW] Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty

Andrei Coada 1684298 at bugs.launchpad.net
Wed Apr 19 21:36:43 UTC 2017 

*** This bug is a security vulnerability ***

Public security bug reported:

Date Reported:
19 Apr 2017

Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

More information:
It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.

** Affects: icu (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7867

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7868

** Description changed:

  Date Reported:
  19 Apr 2017
  
  Security database references:
- In the Debian bugtracking system: Bug 860314.
+ In the Debian bugtracking system: 860314.
  In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
  
  More information:
  It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.
  
  For the stable distribution (jessie), these problems have been fixed in
  version 52.1-8+deb8u5.

** Summary changed:

- Security issues (solved in Debian)
+ Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/1684298

Title:
  Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
  trusty

Status in icu package in Ubuntu:
  New

Bug description:
  Date Reported:
  19 Apr 2017

  Security database references:
  In the Debian bugtracking system: 860314.
  In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

  More information:
  It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

  For the stable distribution (jessie), these problems have been fixed
  in version 52.1-8+deb8u5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1684298/+subscriptions

More information about the foundations-bugs mailing list