Your message dated Sat, 31 May 2025 06:04:59 +0000
with message-id <[email protected]>
and subject line Bug#1106684: fixed in icu 76.1-4
has caused the Debian Bug report #1106684,
regarding icu: CVE-2025-5222: Stack buffer overflow in the SRBRoot::addTag function
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1106684: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106684
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: icu
Version: 76.1-3
Severity: important
Tags: security upstream
Forwarded: https://unicode-org.atlassian.net/browse/ICU-22957
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerability was published for icu.

CVE-2025-5222[0]:
| Stack buffer overflow in the SRBRoot::addTag function

The available information is a bit scarce here. The issue description at
least points to the same issue as tracked in [1]. Though it is not
very clear with the fix version and identifying the fixing commit. Can
you find more on it?


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5222
    https://www.cve.org/CVERecord?id=CVE-2025-5222
[1] https://unicode-org.atlassian.net/browse/ICU-22957

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 76.1-4
Done: Laszlo Boszormenyi (GCS) <[email protected]>

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sat, 31 May 2025 07:04:58 +0200
Source: icu
Architecture: source
Version: 76.1-4
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 1106684
Changes:
 icu (76.1-4) unstable; urgency=high
 .
   * Backport fix for ICU-22973: fix buffer overflow by using CharString;
     remedy for CVE-2025-5222 (closes: #1106684).



--- End Message ---
