Your message dated Wed, 29 Nov 2017 09:02:39 +0000
with message-id <[email protected]>
and subject line Bug#878840: fixed in icu 57.1-6+deb9u1
has caused the Debian Bug report #878840,
regarding icu: CVE-2017-14952: Double free in i18n/zonemeta.cpp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
878840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: icu
Version: 57.1-6
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for icu.

CVE-2017-14952[0]:
| Double free in i18n/zonemeta.cpp in International Components for
| Unicode (ICU) for C/C++ through 59.1 allows remote attackers to
| execute arbitrary code via a crafted string, aka a "redundant UVector
| entry clean up function call" issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14952
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
[1] http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
[2] https://ssl.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Please adjust the affected versions in the BTS as needed; unstable
seems to contain the issue, experimental not checked. Older versions
have likewise not been verified.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 57.1-6+deb9u1

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Oct 2017 17:28:30 +0000
Source: icu
Binary: libicu57 libicu57-dbg libicu-dev icu-devtools icu-devtools-dbg icu-doc
Architecture: source amd64 all
Version: 57.1-6+deb9u1
Distribution: stretch
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Description:
 icu-devtools - Development utilities for International Components for Unicode
 icu-devtools-dbg - Development utilities for International Components for Unicode (d
 icu-doc    - API documentation for ICU classes and functions
 libicu-dev - Development files for International Components for Unicode
 libicu57   - International Components for Unicode
 libicu57-dbg - International Components for Unicode (debug symbols)
Closes: 878840
Changes:
 icu (57.1-6+deb9u1) stretch; urgency=high
 .
   * Backport upstream security fix for CVE-2017-14952: double free in
     createMetazoneMappings() (closes: #878840).


--- End Message ---
