← Back to team overview

touch-packages team mailing list archive

  1. touch-packages team
  2. Mailing list archive
  3. Message #78496

[Bug 1455823] [NEW] Sync icu 52.1-9 (main) from Debian unstable (main)

  Thread PreviousDate PreviousThread Next 
Public bug reported:

Please sync icu 52.1-9 (main) from Debian unstable (main)

Explanation of the Ubuntu delta and why it can be dropped:
  * SECURITY UPDATE: heap overflow via incorrect isolateCount
    - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
      source/common/ubidi.c.
    - CVE-2015-8146
  * SECURITY UPDATE: integer overflow via incorrect state size
    - debian/patches/CVE-2015-8147.patch: change state to int32_t in
      source/common/ubidiimp.h.
    - CVE-2015-8147

CVE is fixed in Debian, as well.

Changelog entries since current wily version 52.1-8ubuntu1:

icu (52.1-9) unstable; urgency=high

  * Fix security bugs (closes: #784773):
    - CVE-2014-8146 , a heap overflow,
    - CVE-2014-8147 , an integer overflow.

 -- Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>  Fri, 08 May 2015 20:35:32
+0000

** Affects: icu (Ubuntu)
     Importance: Wishlist
         Status: New

** Changed in: icu (Ubuntu)
   Importance: Undecided => Wishlist

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/1455823

Title:
  Sync icu 52.1-9 (main) from Debian unstable (main)

Status in icu package in Ubuntu:
  New

Bug description:
  Please sync icu 52.1-9 (main) from Debian unstable (main)

  Explanation of the Ubuntu delta and why it can be dropped:
    * SECURITY UPDATE: heap overflow via incorrect isolateCount
      - debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
        source/common/ubidi.c.
      - CVE-2015-8146
    * SECURITY UPDATE: integer overflow via incorrect state size
      - debian/patches/CVE-2015-8147.patch: change state to int32_t in
        source/common/ubidiimp.h.
      - CVE-2015-8147

  CVE is fixed in Debian, as well.

  Changelog entries since current wily version 52.1-8ubuntu1:

  icu (52.1-9) unstable; urgency=high

    * Fix security bugs (closes: #784773):
      - CVE-2014-8146 , a heap overflow,
      - CVE-2014-8147 , an integer overflow.

   -- Laszlo Boszormenyi (GCS) <gcs@xxxxxxxxxx>  Fri, 08 May 2015
  20:35:32 +0000

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1455823/+subscriptions

Follow ups

References

  Thread PreviousDate PreviousThread Next