UbuntuUpdates.org

Package "libicu52"

Name: libicu52

Description:

International Components for Unicode

Latest version: 52.1-3ubuntu0.8
Release: trusty (14.04)
Level: updates
Repository: main
Head package: icu
Homepage: http://www.icu-project.org

Other versions of "libicu52" in Trusty

Repository   Area   Version
base         main   52.1-3
security     main   52.1-3ubuntu0.8

Changelog

Version: 52.1-3ubuntu0.8 2018-03-28 20:07:19 UTC

  icu (52.1-3ubuntu0.8) trusty-security; urgency=medium

  * SECURITY UPDATE: integer overflow in Persian Cal
    - debian/patches/CVE-2017-15422.patch: use int64_t math for one
      operation to avoid overflow, add tests in source/i18n/gregoimp.cpp,
      source/i18n/gregoimp.h, source/i18n/persncal.cpp,
      source/test/intltest/calregts.cpp, source/test/intltest/calregts.h.
    - CVE-2017-15422

 -- Marc Deslauriers <email address hidden> Tue, 27 Mar 2018 11:22:56 -0400

CVE-2017-15422 integer overflow in icu

Version: 52.1-3ubuntu0.7 2017-10-23 18:06:42 UTC

  icu (52.1-3ubuntu0.7) trusty-security; urgency=medium

  * SECURITY UPDATE: double free
    - debian/patches/CVE-2017-14952.patch: fixes double free in
      createMetaZoneMappings() source/i18n/zonemeta.cpp.
    - CVE-2017-14952

 -- <email address hidden> (Leonidas S. Barbosa) Tue, 17 Oct 2017 09:13:32 -0300

CVE-2017-14952 Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary co

Version: 52.1-3ubuntu0.6 2017-05-02 21:07:04 UTC

  icu (52.1-3ubuntu0.6) trusty-security; urgency=medium

  * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
    (LP: #1684298)
    - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
      source/common/utext.cpp, added test to
      source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
    - CVE-2017-7867
    - CVE-2017-7868

 -- Marc Deslauriers <email address hidden> Tue, 02 May 2017 09:43:38 -0400

1684298 Security issues (solved in Debian) - affecting icu52 in trusty
CVE-2017-7867 International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to t
CVE-2017-7868 International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to t

Version: 52.1-3ubuntu0.5 2017-03-13 18:07:00 UTC

  icu (52.1-3ubuntu0.5) trusty-security; urgency=medium

  * SECURITY UPDATE: Multiple security issues. Synchronize security fixes
    with Debian's 52.1-8+deb8u4 release. Thanks to Laszlo Boszormenyi for
    the work this update is based on.
    - debian/patches/CVE-2014-9911.patch
    - debian/patches/CVE-2015-4844.patch
    - debian/patches/CVE-2016-0494.patch
    - debian/patches/CVE-2016-6293.patch
    - debian/patches/CVE-2016-7415.patch
    - CVE-2014-9911
    - CVE-2015-4844
    - CVE-2016-0494
    - CVE-2016-6293
    - CVE-2016-7415

 -- Marc Deslauriers <email address hidden> Fri, 10 Mar 2017 11:41:10 -0500

CVE-2014-9911 Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.
CVE-2015-4844 Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and ...
CVE-2016-0494 Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows rem
CVE-2016-6293 The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that
CVE-2016-7415 Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remot

Version: 52.1-3ubuntu0.4 2015-09-16 19:06:44 UTC

  icu (52.1-3ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via mishandling of converter names
    with initial x- substrings
    - debian/patches/CVE-2015-1270.patch: fix logic in
      source/common/ucnv_io.cpp.
    - CVE-2015-1270
  * SECURITY UPDATE: information disclosure via overflows
    - debian/patches/CVE-2015-2632.patch: properly calculate index in
      source/layout/Features.cpp, check for overflows in
      source/layout/LETableReference.h.
    - CVE-2015-2632
  * SECURITY UPDATE: denial of service and possible code execution via
    overflows
    - debian/patches/CVE-2015-4760.patch: check bounds in
      source/layout/ContextualGlyphInsertionProc2.cpp,
      source/layout/ContextualGlyphSubstProc.cpp,
      source/layout/ContextualGlyphSubstProc2.cpp,
      source/layout/IndicRearrangementProcessor.cpp,
      source/layout/IndicRearrangementProcessor2.cpp,
      use unsigned flags in source/layout/LigatureSubstProc.cpp,
      source/layout/StateTables.h, properly handle errors in
      source/layout/StateTableProcessor.cpp,
      source/layout/StateTableProcessor2.cpp.
    - CVE-2015-4760

 -- Marc Deslauriers Fri, 11 Sep 2015 09:28:05 -0400

CVE-2015-1270 The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.
CVE-2015-2632 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.
CVE-2015-4760 Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via u


