Your message dated Fri, 11 Sep 2015 16:05:39 +0000
with message-id <[email protected]>
and subject line Bug#798647: fixed in icu 55.1-5
has caused the Debian Bug report #798647,
regarding icu: CVE-2015-1270
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: icu
Version: 55.1-4
Severity: important
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for icu.
CVE-2015-1270[0]:
| The ucnv_io_getConverterName function in common/ucnv_io.cpp in
| International Components for Unicode (ICU), as used in Google Chrome
| before 44.0.2403.89, mishandles converter names with initial x-
| substrings, which allows remote attackers to cause a denial of service
| (read of uninitialized memory) or possibly have unspecified other
| impact via a crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1270
A patch was actually appiled for 55.1-3 but the patch is currently
missapplied.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 55.1-5
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 11 Sep 2015 15:23:53 +0000
Source: icu
Binary: libicu55 libicu55-dbg libicu-dev icu-devtools icu-doc
Architecture: source amd64 all
Version: 55.1-5
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
icu-devtools - Development utilities for International Components for Unicode
icu-doc - API documentation for ICU classes and functions
libicu-dev - Development files for International Components for Unicode
libicu55 - International Components for Unicode
libicu55-dbg - International Components for Unicode
Closes: 798647
Changes:
icu (55.1-5) unstable; urgency=high
.
* Correct patch for CVE-2015-1270 (closes: #798647).
Checksums-Sha1:
6757505cf8b6bc5a133c434a49f2f411e454adb7 2033 icu_55.1-5.dsc
1a7d5bb84cbc4bddac105ba67a2974a1010362f9 20488 icu_55.1-5.debian.tar.xz
62395b74999c8ac70d7312cc7d323b8e5b21f893 176436 icu-devtools_55.1-5_amd64.deb
4c2c29f88463aa9af06cf10d6ee323b2e79f48db 2741682 icu-doc_55.1-5_all.deb
125bfef77a11e4de404239e690f26a3c0660dbda 8552808 libicu-dev_55.1-5_amd64.deb
fe2c620314b2187891b204ce0d4a75a06883cce3 6824850 libicu55-dbg_55.1-5_amd64.deb
6392a846c56938794f640c46d162382bbe4124b8 7650918 libicu55_55.1-5_amd64.deb
Checksums-Sha256:
cfcf4ea8ac76590c43c2a3a81cbd50c860debb1c0d61120e3b18b87bd3d06c4d 2033
icu_55.1-5.dsc
8cc59cc125a8eeee06e2d96a7d5e9fa1080eda2d6d10b25652a1810ab3d5f97e 20488
icu_55.1-5.debian.tar.xz
7dbccdf1155cb24f882897975e60178f58bb48c085277c46d96df5de6ca3605f 176436
icu-devtools_55.1-5_amd64.deb
9f28fbfbc226d8a47310d7a6c19a27de5def460838c0b927aa398e755806b7fa 2741682
icu-doc_55.1-5_all.deb
eda8afa2eb7ba75b6a4eafc1f9904b933e61206e57d9e6dfb87c7ab9121ea770 8552808
libicu-dev_55.1-5_amd64.deb
d5822862378ecbd3ebbc5beb3e9c51ff4bf718242fa3ea1db7eb438708f60a2c 6824850
libicu55-dbg_55.1-5_amd64.deb
40715b9a76ff26d390c4f94f094635774ad621910dd0c8092d869f4a9a08976c 7650918
libicu55_55.1-5_amd64.deb
Files:
64992ffb74a53ecd46753acac8c0b053 2033 libs optional icu_55.1-5.dsc
8ffc1c8187b89937f37b4c0b37e35b2c 20488 libs optional icu_55.1-5.debian.tar.xz
f47927bb9add0f71ea92e20512e16b53 176436 libdevel optional
icu-devtools_55.1-5_amd64.deb
779b7f25a7d05f53259133a6431bc039 2741682 doc optional icu-doc_55.1-5_all.deb
928d716afa56c0635f25be2df89a1c77 8552808 libdevel optional
libicu-dev_55.1-5_amd64.deb
f267235885aff82ab08d9dfbbcdef937 6824850 debug extra
libicu55-dbg_55.1-5_amd64.deb
e1ab16d0d5466cbb2008fdc77886f680 7650918 libs optional
libicu55_55.1-5_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJV8vj/AAoJENzjEOeGTMi/rsAP/ioaZYy3ju3QyEQRu1BqC8Dr
U7ZU1AHzTtt0rX5yNVBaBONHQe1VFktJnOyrgsD/y7KQc35wuPQ1Gh51VYUDUYMl
TiUNaSUKUHzwA5WuHKqkWa78Zxw7H/n6Mk1sNTSr5PI5/u3shRu8c1p3VMAOM4DA
VLAAfoBa5n1r8W7lP6anLwQiNtsRQQ+HNYMlYgRRhSzd3R/yn6/Q+rSKVzpaKgYl
13LiOUZNR03z4hn19CWLb18RBL0+r3/tAXK31zdmlT922pW7jk7Y6RvUI+u+71Y8
8SeMNSNMibw387NE210fYuwFCqzvGWRrO5H8Mv+8LXdno3LProjMzRCzZOoB/Iss
tQHrUWKXe85VAa5Bvwq5VhEUez5qx5+J1BEDeOMOG+up4wG/XPKaYpEFn4o+VN/t
oC7vUrsKuA/rZBwMyh0CttxJ3j56Oq61N65X7N0LJU0798ZghqQWwcj8Guj8XLIH
sTj6zTfeD0eoN0AchYdyX15mpw+v8aeBTYi3i1/5NfaXV+gYo2qT7BLLEZ1uJXQV
MKi/4CnVTbwVfgKp46bWBPmToziOQHyFenXfHmV+ipWJS3k0fHSvmA7ezHflGp9Y
Efg/BnU9o/1hM7h+HrW/4VUa7Jmm/lSwWoNmmMA+8y/Jey/2DQ6FinLOzDHAK3ts
djtOPnky4NOFYTB0Gi+x
=KNfR
-----END PGP SIGNATURE-----
--- End Message ---
