Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-11-25 Salvatore Bonaccorso
Hi On Fri, Nov 25, 2016 at 07:17:41PM +0100, László Böszörményi (GCS) wrote: > On Fri, Nov 25, 2016 at 7:01 PM, Salvatore Bonaccorso > wrote: > > On Fri, Nov 18, 2016 at 06:38:57PM +0100, László Böszörményi wrote: > > According to upstream this has been fixed in 58.1

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-11-25 GCS
On Fri, Nov 25, 2016 at 7:01 PM, Salvatore Bonaccorso wrote: > On Fri, Nov 18, 2016 at 06:38:57PM +0100, László Böszörményi wrote: > According to upstream this has been fixed in 58.1 upstream. The bug is > still not public, but this is as by >

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-11-25 Salvatore Bonaccorso
Control: fixed -1 58.1-1 Hi, On Fri, Nov 18, 2016 at 06:38:57PM +0100, László Böszörményi wrote: > Hi Salvatore, > > Thanks for the ping and the actual ICU bug link. > > On Fri, Nov 18, 2016 at 3:34 PM, Salvatore Bonaccorso > wrote: > > According to

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-11-18 GCS
Hi Salvatore, Thanks for the ping and the actual ICU bug link. On Fri, Nov 18, 2016 at 3:34 PM, Salvatore Bonaccorso wrote: > According to https://bugzilla.redhat.com/show_bug.cgi?id=1377361#c5 > there is now an upstream bug about the issue, but unfortunately for > some

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-11-18 Salvatore Bonaccorso
Hi, On Tue, Oct 25, 2016 at 11:42:16AM -0400, Roberto C. Sánchez wrote: > On Tue, Oct 04, 2016 at 10:59:52PM +0200, László Böszörményi (GCS) wrote: > > I don't know more about this issue - upstream keep such bugreports > > secret, if any. I don't have a good connection with them (yet), but > >

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-25 Roberto C. Sánchez
On Tue, Oct 04, 2016 at 10:59:52PM +0200, László Böszörményi (GCS) wrote: > I don't know more about this issue - upstream keep such bugreports > secret, if any. I don't have a good connection with them (yet), but > will try to know more about this. > Hi Laszlo, Have you been able to contact

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-04 Salvatore Bonaccorso
On Tue, Oct 04, 2016 at 10:59:52PM +0200, László Böszörményi (GCS) wrote: > > Laszlo, do you know more already? Other distributions seem in the same > > boat, like Red Hat in > > https://bugzilla.redhat.com/show_bug.cgi?id=1377361#c3 > Sorry, I was on a trip and just arrived back on Sunday

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-04 GCS
On Mon, Oct 3, 2016 at 2:37 PM, Salvatore Bonaccorso wrote: > On Sat, Oct 01, 2016 at 08:45:20PM -0400, Roberto C. Sánchez wrote: >> I tried for quite some time to reproduce this based on the original PHP >> bug report, but I was unable. I have annotated the security tracker

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-03 Roberto C. Sánchez
On Mon, Oct 03, 2016 at 02:37:07PM +0200, Salvatore Bonaccorso wrote: > Hi > > On Sat, Oct 01, 2016 at 08:45:20PM -0400, Roberto C. Sánchez wrote: > > On Fri, Sep 30, 2016 at 07:45:33AM -0400, Roberto C. Sánchez wrote: > > > > > > I am currently preparing an LTS upload for this vulnerability. >

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-03 Salvatore Bonaccorso
Hi On Sat, Oct 01, 2016 at 08:45:20PM -0400, Roberto C. Sánchez wrote: > On Fri, Sep 30, 2016 at 07:45:33AM -0400, Roberto C. Sánchez wrote: > > > > I am currently preparing an LTS upload for this vulnerability. > > > I tried for quite some time to reproduce this based on the original PHP >

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-10-01 Roberto C. Sánchez
On Fri, Sep 30, 2016 at 07:45:33AM -0400, Roberto C. Sánchez wrote: > > I am currently preparing an LTS upload for this vulnerability. > I tried for quite some time to reproduce this based on the original PHP bug report, but I was unable. I have annotated the security tracker with my (lack of)

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-09-30 Roberto C. Sánchez
found 838694 4.8.1.1-12+deb7u3 found 838694 4.8.1.1-12+deb7u5 thanks On Fri, Sep 23, 2016 at 07:26:28PM +0200, Salvatore Bonaccorso wrote: > > the following vulnerability was published for icu. > > CVE-2016-7415[0]: > | Stack-based buffer overflow in the Locale class in common/locid.cpp in > |

Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

2016-09-23 Salvatore Bonaccorso
Source: icu Version: 52.1-8 Severity: important Tags: security upstream Hi, the following vulnerability was published for icu. CVE-2016-7415[0]: | Stack-based buffer overflow in the Locale class in common/locid.cpp in | International Components for Unicode (ICU) through 57.1 for C/C++ | allows