Package "icu-devtools"
Name: |
icu-devtools
|
Description: |
Development utilities for International Components for Unicode
|
Latest version: |
52.1-3ubuntu0.8 |
Release: |
trusty (14.04) |
Level: |
security |
Repository: |
main |
Head package: |
icu |
Homepage: |
http://www.icu-project.org |
Links
Download "icu-devtools"
Other versions of "icu-devtools" in Trusty
Changelog
icu (52.1-3ubuntu0.8) trusty-security; urgency=medium
* SECURITY UPDATE: integer overflow in Persian Cal
- debian/patches/CVE-2017-15422.patch: use int64_t math for one
operation to avoid overflow, add tests in source/i18n/gregoimp.cpp,
source/i18n/gregoimp.h, source/i18n/persncal.cpp,
source/test/intltest/calregts.cpp, source/test/intltest/calregts.h.
- CVE-2017-15422
-- Marc Deslauriers <email address hidden> Tue, 27 Mar 2018 11:22:56 -0400
|
Source diff to previous version |
|
icu (52.1-3ubuntu0.7) trusty-security; urgency=medium
* SECURITY UPDATE: double free
- debian/patches/CVE-2017-14952.patch: fixes double free in
createMetaZoneMappings() source/i18n/zonemeta.cpp.
- CVE-2017-14952
-- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Oct 2017 09:13:32 -0300
|
Source diff to previous version |
CVE-2017-14952 |
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary co |
|
icu (52.1-3ubuntu0.6) trusty-security; urgency=medium
* SECURITY UPDATE: out-of-bounds write in common/utext.cpp
(LP: #1684298)
- debian/patches/CVE-2017-786x.patch: properly handle chunk size in
source/common/utext.cpp, added test to
source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
- CVE-2017-7867
- CVE-2017-7868
-- Marc Deslauriers <email address hidden> Tue, 02 May 2017 09:43:38 -0400
|
Source diff to previous version |
1684298 |
Security issues (solved in Debian) - affecting icu52 in trusty |
CVE-2017-7867 |
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to t |
CVE-2017-7868 |
International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to t |
|
icu (52.1-3ubuntu0.5) trusty-security; urgency=medium
* SECURITY UPDATE: Multiple security issues. Synchronize security fixes
with Debian's 52.1-8+deb8u4 release. Thanks to Laszlo Boszormenyi for
the work this update is based on.
- debian/patches/CVE-2014-9911.patch
- debian/patches/CVE-2015-4844.patch
- debian/patches/CVE-2016-0494.patch
- debian/patches/CVE-2016-6293.patch
- debian/patches/CVE-2016-7415.patch
- CVE-2014-9911
- CVE-2015-4844
- CVE-2016-0494
- CVE-2016-6293
- CVE-2016-7415
-- Marc Deslauriers <email address hidden> Fri, 10 Mar 2017 11:41:10 -0500
|
Source diff to previous version |
CVE-2014-9911 |
Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54. |
CVE-2015-4844 |
Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ... |
CVE-2016-0494 |
Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows rem |
CVE-2016-6293 |
The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that |
CVE-2016-7415 |
Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remot |
|
icu (52.1-3ubuntu0.4) trusty-security; urgency=medium
* SECURITY UPDATE: denial of service via mishandling of converter names
with initial x- substrings
- debian/patches/CVE-2015-1270.patch: fix logic in
source/common/ucnv_io.cpp.
- CVE-2015-1270
* SECURITY UPDATE: information disclosure via overflows
- debian/patches/CVE-2015-2632.patch: properly calculate index in
source/layout/Features.cpp, check for overflows in
source/layout/LETableReference.h.
- CVE-2015-2632
* SECURITY UPDATE: denial of service and possible code execution via
overflows
- debian/patches/CVE-2015-4760.patch: check bounds in
source/layout/ContextualGlyphInsertionProc2.cpp,
source/layout/ContextualGlyphSubstProc.cpp,
source/layout/ContextualGlyphSubstProc2.cpp,
source/layout/IndicRearrangementProcessor.cpp,
source/layout/IndicRearrangementProcessor2.cpp,
use unsigned flags in source/layout/LigatureSubstProc.cpp,
source/layout/StateTables.h, properly handle errors in
source/layout/StateTableProcessor.cpp,
source/layout/StateTableProcessor2.cpp.
- CVE-2015-4760
-- Marc Deslauriers Fri, 11 Sep 2015 09:28:05 -0400
|
CVE-2015-1270 |
The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403. |
CVE-2015-2632 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D. |
CVE-2015-4760 |
Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via u |
|
About
-
Send Feedback to @ubuntu_updates