[Bug 1684298] Re: Security issues (solved in Debian) - affecting icu52 in trusty

Launchpad Bug Tracker 1684298 at bugs.launchpad.net
Tue May 2 18:15:28 UTC 2017


This bug was fixed in the package icu - 57.1-4ubuntu0.2

---------------
icu (57.1-4ubuntu0.2) yakkety-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Tue, 02 May 2017 08:32:50 -0400

** Changed in: icu (Ubuntu)
       Status: New => Fix Released


-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/1684298

Title:
  Security issues (solved in Debian) - affecting icu52 in trusty

Status in icu package in Ubuntu:
  Fix Released

Bug description:
  Date Reported:
  19 Apr 2017

  Security database references:
  In the Debian bugtracking system: 860314.
  In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

  More information:
  It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bounds write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code.

  For the stable distribution (jessie), these problems have been fixed
  in version 52.1-8+deb8u5.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1684298/+subscriptions


