*** This bug is a security vulnerability ***
Public security bug reported:
Date Reported:
19 Apr 2017
Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
More information:
It was discovered that icu, the International Components for Unicode library,
did not correctly validate its input. An attacker could use this problem to
trigger an out-of-bound write through a heap-based buffer overflow, thus
causing a denial of service via application crash, or potential execution of
arbitrary code.
For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.
** Affects: icu (Ubuntu)
Importance: Undecided
Status: New
** Information type changed from Public to Public Security
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7867
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7868
** Description changed:
Date Reported:
19 Apr 2017
Security database references:
- In the Debian bugtracking system: Bug 860314.
+ In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
More information:
It was discovered that icu, the International Components for Unicode library,
did not correctly validate its input. An attacker could use this problem to
trigger an out-of-bound write through a heap-based buffer overflow, thus
causing a denial of service via application crash, or potential execution of
arbitrary code.
For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.
** Summary changed:
- Security issues (solved in Debian)
+ Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/1684298
Title:
Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
trusty
Status in icu package in Ubuntu:
New
Bug description:
Date Reported:
19 Apr 2017
Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
More information:
It was discovered that icu, the International Components for Unicode library,
did not correctly validate its input. An attacker could use this problem to
trigger an out-of-bound write through a heap-based buffer overflow, thus
causing a denial of service via application crash, or potential execution of
arbitrary code.
For the stable distribution (jessie), these problems have been fixed
in version 52.1-8+deb8u5.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1684298/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
