Package: release.debian.org Severity: normal Tags: stretch User: [email protected] Usertags: pu
Hi SRMs, There's a security vulnerability[1] in ICU - International Components for Unicode, which doesn't warrant a DSA. It's an one line change and would be good to have it for Stretch. Thanks for considering, Laszlo/GCS [1] https://security-tracker.debian.org/tracker/CVE-2017-14952
diff -Nru icu-57.1/debian/changelog icu-57.1/debian/changelog --- icu-57.1/debian/changelog 2017-04-16 08:50:52.000000000 +0000 +++ icu-57.1/debian/changelog 2017-10-24 17:28:30.000000000 +0000 @@ -1,3 +1,10 @@ +icu (57.1-6+deb9u1) stretch; urgency=high + + * Backport upstream security fix for CVE-2017-14952: double free in + createMetazoneMappings() (closes: #878840). + + -- Laszlo Boszormenyi (GCS) <[email protected]> Tue, 24 Oct 2017 17:28:30 +0000 + icu (57.1-6) unstable; urgency=high * Backport upstream security fix for CVE-2017-7867 and CVE-2017-7868, diff -Nru icu-57.1/debian/patches/CVE-2017-14952.patch icu-57.1/debian/patches/CVE-2017-14952.patch --- icu-57.1/debian/patches/CVE-2017-14952.patch 1970-01-01 00:00:00.000000000 +0000 +++ icu-57.1/debian/patches/CVE-2017-14952.patch 2017-10-24 17:28:30.000000000 +0000 @@ -0,0 +1,10 @@ +Index: source/i18n/zonemeta.cpp +=================================================================== +--- a/source/i18n/zonemeta.cpp (revision 40283) ++++ b/source/i18n/zonemeta.cpp (revision 40324) +@@ -682,5 +682,4 @@ + if (U_FAILURE(status)) { + delete mzMappings; +- deleteOlsonToMetaMappingEntry(entry); + uprv_free(entry); + break; diff -Nru icu-57.1/debian/patches/series icu-57.1/debian/patches/series --- icu-57.1/debian/patches/series 2017-04-16 08:50:35.000000000 +0000 +++ icu-57.1/debian/patches/series 2017-10-24 17:28:30.000000000 +0000 @@ -10,3 +10,4 @@ CVE-2016-6293.patch CVE-2016-7415.patch CVE-2017-7867_CVE-2017-7868.patch +CVE-2017-14952.patch
