Univention Bugzilla – Bug 44665
icu: Multiple issues (4.1)
Last modified: 2017-12-14 13:24:27 CET
Upstream Debian package version 4.8.1.1-12+deb7u7 fixes these issues:
* out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function (CVE-2017-7867)
* out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function (CVE-2017-7868)
Imported and built. Advisory: https://git.knut.univention.de/univention/ucs/blob/4.1-5/doc/errata/staging/icu.yaml
YAML fail (maintenance)? http://jenkins.knut.univention.de:8080/job/UCS-4.1/job/UCS-4.1-5/job/ErrataValidation/32/testReport/icu/
Yes, the check_errata_for_release script bails out due to the extended maintenance UCS 4.1-5. I've added an ignore-tag for this to the advisory.
Installation: OK
YAML: OK
Verified
<http://errata.software-univention.de/ucs/4.1/487.html>