Bug 37630 - icu: Multiple issues (3.2)
icu: Multiple issues (3.2)
Status: RESOLVED DUPLICATE of bug 33284
Product: UCS
Classification: Unclassified
Component: Security updates
UCS 3.2
Other Linux
: P5 normal (vote)
: UCS 3.2-x-errata
Assigned To: Security maintainers
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2015-01-27 12:53 CET by Janek Walkenhorst
Modified: 2015-02-02 06:57 CET (History)
1 user (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Janek Walkenhorst univentionstaff 2015-01-27 12:53:42 CET
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7926. (CVE-2014-7923)

The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a (1) zero-length quantifier or (2) look-behind expression, a different vulnerability than CVE-2014-7923. (CVE-2014-7926)

The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. (CVE-2014-7940)
Comment 1 Janek Walkenhorst univentionstaff 2015-01-27 13:06:13 CET
Additional issues: CVE-2014-6585 CVE-2014-6591
Comment 2 Moritz Muehlenhoff univentionstaff 2015-02-02 06:57:46 CET

*** This bug has been marked as a duplicate of bug 33284 ***