Comment 1 Moritz Muehlenhoff 2013-10-16 08:08:12 CEST

Memory corruption in UTF8 handling (CVE-2013-2924)

Comment 2 Moritz Muehlenhoff 2013-11-12 11:18:36 CET

(In reply to Moritz Muehlenhoff from comment #0)
> +++ This bug was initially created as a clone of Bug #30725 +++
> 
> Race condition when accessing the locale configuration (CVE-2013-0900)

The impact is marginal for ICU as used in UCS and the backport would be very intrusive, we won't fix this in a security update.

Comment 3 Moritz Muehlenhoff 2014-06-02 07:59:10 CEST

The maintenance with bug and security fixes for UCS 3.1-x has ended on 31st of May 2014.

The maintenance of the UCS 3.x major series is continued by UCS 3.2-x that is supplied with bug and security fixes.

Customers still on UCS 3.1-x are encouraged to update to UCS 3.2. Please contact your partner or Univention for any questions.