Your message dated Tue, 15 Sep 2015 21:32:07 +0000
with message-id <[email protected]>
and subject line Bug#798647: fixed in icu 52.1-8+deb8u3
has caused the Debian Bug report #798647,
regarding icu: CVE-2015-1270
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
798647: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: icu
Version: 55.1-4
Severity: important
Tags: security patch upstream fixed-upstream
Hi,
the following vulnerability was published for icu.
CVE-2015-1270[0]:
| The ucnv_io_getConverterName function in common/ucnv_io.cpp in
| International Components for Unicode (ICU), as used in Google Chrome
| before 44.0.2403.89, mishandles converter names with initial x-
| substrings, which allows remote attackers to cause a denial of service
| (read of uninitialized memory) or possibly have unspecified other
| impact via a crafted file.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2015-1270
A patch was actually applied for 55.1-3 but the patch is currently
misapplied.
Regards,
Salvatore
--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 52.1-8+deb8u3
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Mon, 14 Sep 2015 17:24:55 +0200
Source: icu
Binary: libicu52 libicu52-dbg libicu-dev icu-devtools icu-doc
Architecture: source all amd64
Version: 52.1-8+deb8u3
Distribution: jessie-security
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
icu-devtools - Development utilities for International Components for Unicode
icu-doc - API documentation for ICU classes and functions
libicu-dev - Development files for International Components for Unicode
libicu52 - International Components for Unicode
libicu52-dbg - International Components for Unicode
Closes: 798647
Changes:
icu (52.1-8+deb8u3) jessie-security; urgency=high
.
* Fix CVE-2015-1270 - uninitialized memory read (closes: #798647).
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---