Package: release.debian.org Severity: normal Tags: jessie User: [email protected] Usertags: pu
Hi OSRMs, There's a security vulnerability[1] in ICU - International Components for Unicode, which doesn't warrant a DSA. It's an one line change and would be good to have it for Jessie. Thanks for considering, Laszlo/GCS [1] https://security-tracker.debian.org/tracker/CVE-2017-14952
diff -Nru icu-52.1/debian/changelog icu-52.1/debian/changelog --- icu-52.1/debian/changelog 2017-04-17 08:41:59.000000000 +0000 +++ icu-52.1/debian/changelog 2017-10-24 17:28:29.000000000 +0000 @@ -1,3 +1,10 @@ +icu (52.1-8+deb8u6) jessie; urgency=high + + * Backport upstream security fix for CVE-2017-14952: double free in + createMetazoneMappings() (closes: #878840). + + -- Laszlo Boszormenyi (GCS) <[email protected]> Tue, 24 Oct 2017 17:28:29 +0000 + icu (52.1-8+deb8u5) jessie-security; urgency=high * Backport upstream security fix for CVE-2017-7867 and CVE-2017-7868, diff -Nru icu-52.1/debian/patches/CVE-2017-14952.patch icu-52.1/debian/patches/CVE-2017-14952.patch --- icu-52.1/debian/patches/CVE-2017-14952.patch 1970-01-01 00:00:00.000000000 +0000 +++ icu-52.1/debian/patches/CVE-2017-14952.patch 2017-10-24 17:28:29.000000000 +0000 @@ -0,0 +1,10 @@ +Index: source/i18n/zonemeta.cpp +=================================================================== +--- a/source/i18n/zonemeta.cpp (revision 40283) ++++ b/source/i18n/zonemeta.cpp (revision 40324) +@@ -686,5 +686,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break; diff -Nru icu-52.1/debian/patches/series icu-52.1/debian/patches/series --- icu-52.1/debian/patches/series 2017-04-17 08:41:59.000000000 +0000 +++ icu-52.1/debian/patches/series 2017-10-24 17:28:29.000000000 +0000 @@ -24,3 +24,4 @@ CVE-2016-6293.patch CVE-2016-7415.patch CVE-2017-7867_CVE-2017-7868.patch +CVE-2017-14952.patch
