Source: icu
Version: 76.1-3
Severity: important
Tags: security upstream
Forwarded: https://unicode-org.atlassian.net/browse/ICU-22957
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>

Hi,

The following vulnerability was published for icu.

CVE-2025-5222[0]:
| Stack buffer overflow in the SRBRoot::addTag function

The available information is a bit scarce here. The issue description at least points to the same issue as tracked in [1]. Though it is not very clear with the fix version and identifying the fixing commit. Can you find more on it?

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-5222
    https://www.cve.org/CVERecord?id=CVE-2025-5222
[1] https://unicode-org.atlassian.net/browse/ICU-22957

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore