Univention Bugzilla – Full Text Bug Listing
Summary: | icu: Multiple issues (4.0) | ||
---|---|---|---|
Product: | UCS | Reporter: | Janek Walkenhorst <walkenhorst> |
Component: | Security updates | Assignee: | Stefan Gohmann <gohmann> |
Status: | CLOSED FIXED | QA Contact: | Janek Walkenhorst <walkenhorst> |
Severity: | normal | ||
Priority: | P3 | CC: | gohmann, jmm, requate |
Version: | UCS 4.0 | Flags: | requate: Patch_Available+ |
Target Milestone: | UCS 4.0-3-errata | ||
Hardware: | Other | ||
OS: | Linux | ||
Description
Janek Walkenhorst
2015-01-27 12:53:07 CET
Additional issues: CVE-2014-6585 CVE-2014-6591

Denial of service in regular expression handling (CVE-2014-9654, CVE-2015-1205)

CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419: Potential execution of arbitrary code with user privileges due to incorrect memory handling while processing fonts. Fix available in Debian version 4.8.1.1-12+deb7u2

* missing boundary checks in layout engine (CVE-2015-4760)

Fixed in upstream Debian package version 4.8.1.1-12+deb7u2:
* Glyph table issue (CVE-2013-1569)
* Glyph table issue (CVE-2013-2383)
* Font layout issue (CVE-2013-2384)
* Font processing issue (CVE-2013-2419)
* Out-of-bounds read (CVE-2014-6585)
* Additional out-of-bounds reads (CVE-2014-6591)
* Memory corruption in regular expression comparison (CVE-2014-7923)
* Memory corruption in regular expression comparison (CVE-2014-7926)
* Uninitialized memory (CVE-2014-7940)
* More regular expression flaws (CVE-2014-9654).

Fixed in upstream Debian package version 4.8.1.1-12+deb7u3:
* missing boundary checks in layout engine (CVE-2015-4760)
* heap overflow via incorrect isolateCount (CVE-2014-8146)
* integer truncation in the resolveImplicitLevels function (CVE-2014-8147)

(In reply to Moritz Muehlenhoff from comment #2)
> Denial of service in regular expression handling (CVE-2014-9654,
> CVE-2015-1205)

CVE-2015-1205 is a Google Chrome issue:
https://security-tracker.debian.org/tracker/CVE-2015-1205

All other CVE have been added:
2015-08-28-icu.yaml

Advisory: OK
Tests (amd64): OK