-
icu (52.1-8ubuntu0.2) vivid-security; urgency=medium
* SECURITY UPDATE: denial of service via mishandling of converter names
with initial x- substrings
- debian/patches/CVE-2015-1270.patch: fix logic in
source/common/ucnv_io.cpp.
- CVE-2015-1270
* SECURITY UPDATE: information disclosure via overflows
- debian/patches/CVE-2015-2632.patch: properly calculate index in
source/layout/Features.cpp, check for overflows in
source/layout/LETableReference.h.
- CVE-2015-2632
* SECURITY UPDATE: denial of service and possible code execution via
overflows
- debian/patches/CVE-2015-4760.patch: check bounds in
source/layout/ContextualGlyphInsertionProc2.cpp,
source/layout/ContextualGlyphSubstProc.cpp,
source/layout/ContextualGlyphSubstProc2.cpp,
source/layout/IndicRearrangementProcessor.cpp,
source/layout/IndicRearrangementProcessor2.cpp,
use unsigned flags in source/layout/LigatureSubstProc.cpp,
source/layout/StateTables.h, properly handle errors in
source/layout/StateTableProcessor.cpp,
source/layout/StateTableProcessor2.cpp.
- CVE-2015-4760
-- Marc Deslauriers <email address hidden> Fri, 11 Sep 2015 08:47:49 -0400
-
icu (52.1-8ubuntu0.1) vivid-security; urgency=medium
* SECURITY UPDATE: heap overflow via incorrect isolateCount
- debian/patches/CVE-2015-8146.patch: check for valid isolateCount in
source/common/ubidi.c.
- CVE-2015-8146
* SECURITY UPDATE: integer overflow via incorrect state size
- debian/patches/CVE-2015-8147.patch: change state to int32_t in
source/common/ubidiimp.h.
- CVE-2015-8147
-- Marc Deslauriers <email address hidden> Fri, 08 May 2015 08:29:07 -0400
-
icu (52.1-8) unstable; urgency=high
* New maintainer (closes: #777694).
* Update Standards-Version to 3.9.6.
[ Michael Gilbert <email address hidden> ]
* Apply a more complete fix for CVE-2014-7940 (closes: #780503).
- Thanks to Marc Deslauriers.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 17 Mar 2015 11:14:15 +0000
-
icu (52.1-7.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Unfixed issue from the previous upload (closes: #776264)
- CVE-2014-6585: out-of-bounds read.
* Issues fixed in chromium 40.0.2214.91 (closes: #776265, #776719).
- CVE-2014-7923: memory corruption in regular expression comparison.
- CVE-2014-7926: memory corruption in regular expression comparison.
- CVE-2014-7940: uninitialized memory in i18n/icol.cpp.
- CVE-2014-9654: more regular expression handling issues.
-- Michael Gilbert <email address hidden> Sun, 15 Feb 2015 22:19:14 +0000
-
icu (52.1-7) unstable; urgency=high
* Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
(Closes: #775884)
-- Jay Berkenbilt <email address hidden> Wed, 21 Jan 2015 21:33:19 -0500
-
icu (52.1-6) unstable; urgency=medium
* Ensure that only flags intended to be set by users make it into
icu-config. Previously hardening flags were sneaking in there.
(Closes: #759792)
-- Jay Berkenbilt <email address hidden> Mon, 29 Sep 2014 09:59:09 -0400