Launchpad has imported 8 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=429023.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking.

------------------------------------------------------------------------
On 2008-01-16T20:53:36+00:00 Josh wrote:

Will Drewry reported a flaw in the way libicu processes certain regular expressions. He reports:

On regular expression compilation, illegal backreferences may refer to the non-existent capture group '0'. When these are built, they will result in corrupt REStackFrames which will be used at a later point. Crashes may result in out of band reads or writes depending on the regular expression being executed.

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/0

------------------------------------------------------------------------
On 2008-01-17T09:20:08+00:00 Caolan wrote:

Created attachment 291973
An example of icu pattern matching in OOo

I figured out how to get OOo to match patterns with the icu regexp stuff. Attached is a test-case which just tries to match "I am a pattern"

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/1

------------------------------------------------------------------------
On 2008-01-18T08:06:42+00:00 Tomas wrote:

Created attachment 292114
Patch against ICU 3.8 proposed by Andy Heninger

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/2

------------------------------------------------------------------------
On 2008-01-22T08:59:16+00:00 Caolan wrote:

Created attachment 292482
backported patch

I can't commit to RHEL icu without approved bugzilla ids.
Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/3

------------------------------------------------------------------------
On 2008-01-25T13:14:05+00:00 Josh wrote:

This is now public:
http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/4

------------------------------------------------------------------------
On 2008-01-27T07:13:09+00:00 Fedora wrote:

icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/5

------------------------------------------------------------------------
On 2008-01-27T07:21:19+00:00 Fedora wrote:

icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/6

------------------------------------------------------------------------
On 2008-01-27T10:15:09+00:00 Red wrote:

This issue was addressed in:

Red Hat Enterprise Linux:
  http://rhn.redhat.com/errata/RHSA-2008-0090.html

Fedora:
  https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1076
  https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1036

Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/7

** Changed in: icu (Fedora)
   Importance: Unknown => High

--
You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to icu in Ubuntu.
https://bugs.launchpad.net/bugs/186578

Title:
  [libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of arbitrary code via malformed regular expressions

Status in icu package in Ubuntu: Fix Released
Status in icu source package in Dapper: Fix Released
Status in icu source package in Edgy: Fix Released
Status in icu source package in Feisty: Fix Released
Status in icu source package in Gutsy: Fix Released
Status in icu source package in Hardy: Fix Released
Status in icu package in Debian: Fix Released
Status in icu package in Fedora: Fix Released
Status in icu package in Gentoo Linux: Fix Released

Bug description:
  Binary package hint: libicu36

  References:
  MDVSA-2008:026 (http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026)

  Quoting:
  "Will Drewry reported multiple flaws in how libicu processed certain malformed regular expressions. If an application linked against libicu, such as OpenOffice.org, processed a carefully-crafted regular expression, it could potentially cause the execution of arbitrary code with the privileges of the user running the application."

