icu: incomplete fix for CVE-2014-7940

Related Vulnerabilities: CVE-2014-7940

Debian Bug report logs - #780503


Reported by: Michael Gilbert <mgilbert@debian.org>

Date: Sun, 15 Mar 2015 01:51:02 UTC

Severity: serious

Tags: patch, security

Found in version icu/52.1-7.1

Fixed in version icu/52.1-8

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#780503; Package src:icu. (Sun, 15 Mar 2015 01:51:06 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
New Bug report received and forwarded. Copy sent to Jay Berkenbilt <qjb@debian.org>. (Sun, 15 Mar 2015 01:51:06 GMT) (full text, mbox, link).


Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: icu: incomplete fix for CVE-2014-7940
Date: Sat, 14 Mar 2015 21:48:53 -0400
package: src:icu
version: 52.1-7.1
severity: serious
tags: security

Google added another check in a later patch for this issue, which
wasn't included in the previous nmu:
https://chromium.googlesource.com/chromium/deps/icu/+/a626a75aad2675254073366fcaa9465dacf17100/patches/col.patch

Best wishes,
Mike



Information forwarded to debian-bugs-dist@lists.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#780503; Package src:icu. (Sun, 15 Mar 2015 02:51:04 GMT) (full text, mbox, link).


Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Jay Berkenbilt <qjb@debian.org>. (Sun, 15 Mar 2015 02:51:04 GMT) (full text, mbox, link).


Message #10 received at 780503@bugs.debian.org (full text, mbox, reply):

From: Michael Gilbert <mgilbert@debian.org>
To: 780503@bugs.debian.org
Subject: Re: Bug#780503: icu: incomplete fix for CVE-2014-7940
Date: Sat, 14 Mar 2015 22:46:40 -0400
control: tag -1 patch, pending

On Sat, Mar 14, 2015 at 9:48 PM, Michael Gilbert wrote:
> Google added another check in a later patch for this issue, which
> wasn't included in the previous nmu:

Hi,

I uploaded an nmu to delayed/3 fixing this problem.  Please see attached.

Best wishes,
Mike
[icu.patch (text/x-patch, attachment)]

Added tag(s) pending and patch. Request was from Michael Gilbert <mgilbert@debian.org> to 780503-submit@bugs.debian.org. (Sun, 15 Mar 2015 02:51:04 GMT) (full text, mbox, link).


Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Tue, 17 Mar 2015 16:51:09 GMT) (full text, mbox, link).


Notification sent to Michael Gilbert <mgilbert@debian.org>:
Bug acknowledged by developer. (Tue, 17 Mar 2015 16:51:10 GMT) (full text, mbox, link).


Message #17 received at 780503-close@bugs.debian.org (full text, mbox, reply):

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 780503-close@bugs.debian.org
Subject: Bug#780503: fixed in icu 52.1-8
Date: Tue, 17 Mar 2015 16:48:50 +0000
Source: icu
Source-Version: 52.1-8

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 780503@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 17 Mar 2015 11:14:15 +0000
Source: icu
Binary: libicu52 libicu52-dbg libicu-dev icu-devtools icu-doc
Architecture: source all amd64
Version: 52.1-8
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Description:
 icu-devtools - Development utilities for International Components for Unicode
 icu-doc    - API documentation for ICU classes and functions
 libicu-dev - Development files for International Components for Unicode
 libicu52   - International Components for Unicode
 libicu52-dbg - International Components for Unicode
Closes: 777694 780503
Changes:
 icu (52.1-8) unstable; urgency=high
 .
   * New maintainer (closes: #777694).
   * Update Standards-Version to 3.9.6.
 .
   [ Michael Gilbert <mgilbert@debian.org> ]
   * Apply a more complete fix for CVE-2014-7940 (closes: #780503).
     - Thanks to Marc Deslauriers.
Checksums-Sha1:
 7ed5b80a43b8fbdbf133e5093af9948dc793bb07 1973 icu_52.1-8.dsc
 7aa226dc990a1eb7619169d4e5a397b1a215102a 25656 icu_52.1-8.debian.tar.xz
 ceb5eccc2b9f7f5aeea711a784fa2acdba771d96 2630968 icu-doc_52.1-8_all.deb
 403f298543859860c8ebb0cda42e96d7ff484221 6779698 libicu52_52.1-8_amd64.deb
 57a7571ac75d8c13b690bb58a385f4815ff563c4 5925222 libicu52-dbg_52.1-8_amd64.deb
 e2ca4b9090e5aae55eb82b70a6be8fc107ff4405 7644878 libicu-dev_52.1-8_amd64.deb
 42bac1b0a29361d5f2075930139adf7003585dff 172092 icu-devtools_52.1-8_amd64.deb
Checksums-Sha256:
 6847d36df92098042b0b5f2377289e34ed8fa9175b1d74989d9fbd7a025d664d 1973 icu_52.1-8.dsc
 aacc6e4c1a91a7c39b0e69e858ddb320c0c75096a19757ae67da9cc52997dcd5 25656 icu_52.1-8.debian.tar.xz
 a08a86a7dd6b21a4d961ae65eecb6cbb38955e379d2717bf56e6b06f7160f1a4 2630968 icu-doc_52.1-8_all.deb
 342b83af920393e5132d0bd9f6fb03fadd27389f089ed094f788b6ca42d0310c 6779698 libicu52_52.1-8_amd64.deb
 110a055af4216bb330192a24c5e3207d21aaa7b3ffee077704694f4146f125a1 5925222 libicu52-dbg_52.1-8_amd64.deb
 b804d0035608732ea47716a481581e23b953995caa1df1c9a6a8d736ddcc838e 7644878 libicu-dev_52.1-8_amd64.deb
 7eb72050d8d44ac0d5462f53af8bacf8c8bc82bddec669820672ef605493bab9 172092 icu-devtools_52.1-8_amd64.deb
Files:
 856eb10182615c6b8eb235121a451a1a 1973 libs optional icu_52.1-8.dsc
 0f51c9efbe92ecee196c89dfe6b6cd9b 25656 libs optional icu_52.1-8.debian.tar.xz
 e9813a5bc787093c6488e2bae4f7e3ac 2630968 doc optional icu-doc_52.1-8_all.deb
 765ca2590b3f14a9e8c332ac715123c5 6779698 libs optional libicu52_52.1-8_amd64.deb
 2ce23a45c89cc858d8950573efef9da8 5925222 debug extra libicu52-dbg_52.1-8_amd64.deb
 5ecec0bb4482c143dafa3655f4007cfa 7644878 libdevel optional libicu-dev_52.1-8_amd64.deb
 559cce7061289e94a010fb8479b72817 172092 libdevel optional icu-devtools_52.1-8_amd64.deb





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 15 Apr 2015 07:25:28 GMT) (full text, mbox, link).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:48:52 2019; Machine Name: buxtehude
