Univention Bugzilla – Bug 54167
icu: Multiple issues (5.0)
Last modified: 2021-12-01 16:29:16 CET
New Debian icu 63.1-6+deb10u2 fixes: This update addresses the following issue: * Use after free in pkg_createWithAssemblyCode function in tools/pkgdata/pkgdata.cpp (CVE-2020-21913)
--- mirror/ftp/pool/main/i/icu/icu_63.1-6+deb10u1.dsc +++ apt/ucs_5.0-0-errata5.0-0/source/icu_63.1-6+deb10u2.dsc @@ -1,3 +1,8 @@ +63.1-6+deb10u2 [Thu, 25 Nov 2021 06:38:47 +0100] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Use LocalMemory for cmd to prevent use after free (CVE-2020-21913) + 63.1-6+deb10u1 [Fri, 13 Mar 2020 18:49:33 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: * Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in <http://piuparts.knut.univention.de/5.0-0/#6467177742859432688>
OK: yaml OK: announce_errata OK: patch OK: piuparts [5.0-0] e5cbcbeba9 Bug #54167: icu 63.1-6+deb10u2 doc/errata/staging/icu.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.0x160>