Source: icu
Version: 52.1-8
Severity: grave
Tags: patch security upstream
Justification: user security hole
Forwarded: https://ssl.icu-project.org/trac/ticket/12888

Package: icu
X-Debbugs-CC: [email protected] [email protected]
Severity: grave
Tags: security

Hi,

the following vulnerability was published for icu.

CVE-2017-7867[0]:
| International Components for Unicode (ICU) for C/C++ before 2017-02-13
| has an out-of-bounds write caused by a heap-based buffer overflow
| related to the utf8TextAccess function in common/utext.cpp and the
| utext_setNativeIndex* function.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7867
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867
[1] https://ssl.icu-project.org/trac/ticket/12888 (closed unfortunately)
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=213
[3] https://ssl.icu-project.org/trac/changeset/39671

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

