Debian Bug report logs - #463688
CVE-2007-4770/1: Vulnerabilities in libicu
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Sat, 2 Feb 2008 12:24:01 UTC
Severity: grave
Tags: security
Fixed in version icu/3.8-6
Done: Jay Berkenbilt <qjb@debian.org>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Jay Berkenbilt <qjb@debian.org>: Bug#463688; Package libicu38.
Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>: New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Jay Berkenbilt <qjb@debian.org>.
Message #5 received at submit@bugs.debian.org:
Package: libicu38
Version: 3.6-2
Severity: grave
Tags: security
Two vulnerabilities have been found in libicu:
From CVE-2007-4770:
libicu in International Components for Unicode (ICU) 3.8.1 and earlier
attempts to process backreferences to the nonexistent capture group
zero (aka \0), which might allow context-dependent attackers to read
from, or write to, out-of-bounds memory locations, related to
corruption of REStackFrames.
From CVE-2007-4771:
Heap-based buffer overflow in the doInterval function in regexcmp.cpp
in libicu in International Components for Unicode (ICU) 3.8.1 and
earlier allows context-dependent attackers to cause a denial of
service (memory consumption) and possibly have unspecified other
impact via a regular expression that writes a large amount of data to
the backtracking stack. NOTE: some of these details are obtained from
third party information.
A link to a patch is at
[1] http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com
This also affects libicu36 and probably libicu28.
Please mention the CVE ids in the changelog.
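A defender-side pre-check for the two pattern classes named in the CVEs above, added here as an example that is not part of this bug report, of ICU or of the Debian package: it counts capture groups, flags backreferences to group 0 or to groups the pattern never defines, and caps pattern length as a blunt guard against patterns built to grow the backtracking stack. The helper and the length limit are constructed assumptions; the real remedy remains the fixed icu package.

```python
from dataclasses import dataclass, field

MAX_PATTERN_LEN = 1024  # assumed policy value, not an ICU or Debian setting


@dataclass
class Report:
    capture_groups: int = 0
    problems: list = field(default_factory=list)

    @property
    def ok(self) -> bool:
        return not self.problems


def check_pattern(pattern: str, max_len: int = MAX_PATTERN_LEN) -> Report:
    """Single pass over the pattern: count capture groups, collect \\N backreferences."""
    report = Report()
    if len(pattern) > max_len:
        report.problems.append(f"pattern length {len(pattern)} exceeds {max_len}")
    backrefs = []      # (offset, group number) for every "\" + digits seen
    in_class = False   # inside [...] neither "(" nor "\N" has its usual meaning
    i = 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\":
            j = i + 1
            while not in_class and j < len(pattern) and pattern[j].isdigit():
                j += 1
            if j > i + 1:
                backrefs.append((i, int(pattern[i + 1:j])))
                i = j
            else:
                i += 2         # any other escape: skip the escaped character
            continue
        if in_class:
            in_class = c != "]"
        elif c == "[":
            in_class = True
        elif c == "(" and not pattern.startswith("(?", i):
            report.capture_groups += 1   # "(?" is non-capturing, lookaround or flags
        i += 1
    # Groups are numbered by their opening paren, so a valid \N needs 1 <= N <= count.
    for offset, n in backrefs:
        if n == 0:
            report.problems.append(f"backreference to group 0 at offset {offset}")
        elif n > report.capture_groups:
            report.problems.append(
                f"backreference \\{n} at offset {offset} exceeds "
                f"{report.capture_groups} capture group(s)")
    return report
```

Run `check_pattern(untrusted)` and refuse to compile anything whose report is not `ok`; the check is deliberately lenient about forward references, which the engine itself will still reject.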
Bug reassigned from package `libicu38' to `icu'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. (Sun, 03 Feb 2008 17:27:10 GMT)
Information forwarded to debian-bugs-dist@lists.debian.org: Bug#463688; Package icu.
Acknowledgement sent to Jay Berkenbilt <qjb@debian.org>: Extra info received and forwarded to list.
Message #12 received at 463688@bugs.debian.org:
I am acknowledging the security vulnerability report against ICU.
This has caught me at an unusually busy time, so I have not been able
to meet my general policy of same-day response to security bugs. I
will endeavor to upload a new version to unstable with urgency "high"
within the next two or three days.
Security: if you'd like, I can prepare a patch for the stable version
as well. I'll do that and send it to security unless I hear
otherwise.
As always, I will reference the CVE number in the changelog.
--
Jay Berkenbilt <qjb@debian.org>
Reply sent to Jay Berkenbilt <qjb@debian.org>: You have taken responsibility.
Notification sent to Stefan Fritsch <sf@sfritsch.de>: Bug acknowledged by developer.
Message #17 received at 463688-close@bugs.debian.org:
Source: icu
Source-Version: 3.8-6
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive:
icu-doc_3.8-6_all.deb to pool/main/i/icu/icu-doc_3.8-6_all.deb
icu_3.8-6.diff.gz to pool/main/i/icu/icu_3.8-6.diff.gz
icu_3.8-6.dsc to pool/main/i/icu/icu_3.8-6.dsc
libicu-dev_3.8-6_i386.deb to pool/main/i/icu/libicu-dev_3.8-6_i386.deb
libicu38-dbg_3.8-6_i386.deb to pool/main/i/icu/libicu38-dbg_3.8-6_i386.deb
libicu38_3.8-6_i386.deb to pool/main/i/icu/libicu38_3.8-6_i386.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 463688@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <qjb@debian.org> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
Format: 1.7
Date: Thu, 07 Feb 2008 12:58:34 -0500
Source: icu
Binary: libicu38 libicu38-dbg libicu-dev lib32icu38 lib32icu-dev icu-doc
Architecture: source all i386
Version: 3.8-6
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description:
icu-doc - API documentation for ICU classes and functions
libicu-dev - Development files for International Components for Unicode
libicu38 - International Components for Unicode
libicu38-dbg - International Components for Unicode
Closes: 463688
Changes:
icu (3.8-6) unstable; urgency=high
* Add debian/patches/00-cve-2007-4770-4771.patch created with
svn diff -c 23292 http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8
to address the following security vulnerabilities:
- CVE-2007-4770: reference to non-existent capture group may
cause access to invalid memory
- CVE-2007-4771: buffer overflow in regexcmp.cpp
(Closes: #463688)
* Updated standards version to 3.7.3: no changes required.
Files:
33af53f873f321b6e209bfff05c1e424 889 libs optional icu_3.8-6.dsc
072afed03a6c137388a0fa9c632cfe4f 11860 libs optional icu_3.8-6.diff.gz
644ba9a944f610f89337e3963591a7a8 3645860 doc optional icu-doc_3.8-6_all.deb
39ce4f1c9acf7d5802db62c388b47ef3 5862768 libs optional libicu38_3.8-6_i386.deb
aca51dba423f8b92a2c806760a587335 2247986 libs extra libicu38-dbg_3.8-6_i386.deb
225a45a65a08f6933313a38e06e52479 6897616 libdevel optional libicu-dev_3.8-6_i386.deb
Information forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>: Bug#463688; Package icu.
Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>: Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>.
Message #22 received at 463688@bugs.debian.org:
Jay Berkenbilt wrote:
> Security: if you'd like, I can prepare a patch for the stable version
> as well. I'll do that and send it to security unless I hear
> otherwise.
Thanks, please go ahead.
Cheers,
Moritz
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 27 Jul 2008 07:34:46 GMT)
Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:12:54 2019.