New Debian icu 57.1-6+deb9u5 fixes: This update addresses the following issue: * Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp (CVE-2020-21913)
--- mirror/ftp/4.4/unmaintained/4.4-5/source/icu_57.1-6+deb9u4.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/icu_57.1-6+deb9u5.dsc @@ -1,3 +1,8 @@ +57.1-6+deb9u5 [Tue, 12 Oct 2021 11:29:46 +0100] Chris Lamb <lamby@debian.org>: + + * CVE-2020-21913: Prevent a potential use-after-free vulnerability in + the pkg_createWithAssemblyCode function. + 57.1-6+deb9u4 [Sat, 14 Mar 2020 19:34:22 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: * Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in <http://piuparts.knut.univention.de/4.4-8/#4148741556316582241>
OK: yaml OK: announce_errata OK: patch OK: piuparts [4.4-8] 43cc9ed2c8 Bug #53930: icu 57.1-6+deb9u5 doc/errata/staging/icu.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1071>