CVE-2011-4599

Related Vulnerabilities: CVE-2011-4599  

Debian Bug report logs - #654883
CVE-2011-4599


Package: icu; Maintainer for icu is Laszlo Boszormenyi (GCS) <gcs@debian.org>;

Reported by: Moritz Muehlenhoff <muehlenhoff@univention.de>

Date: Fri, 6 Jan 2012 14:57:05 UTC

Severity: grave

Tags: security

Fixed in version icu/4.8.1.1-3

Done: Jay Berkenbilt <qjb@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, Jay Berkenbilt <qjb@debian.org>:
Bug#654883; Package icu. (Fri, 06 Jan 2012 14:57:08 GMT)


Acknowledgement sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, Jay Berkenbilt <qjb@debian.org>. (Fri, 06 Jan 2012 14:57:08 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <muehlenhoff@univention.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2011-4599
Date: Fri, 06 Jan 2012 15:53:03 +0100
Package: icu
Severity: grave
Tags: security

Please see https://bugzilla.redhat.com/show_bug.cgi?id=765812 for
details and references to patches.

Cheers,
        Moritz




Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#654883; Package icu. (Sun, 22 Jan 2012 01:27:06 GMT)


Acknowledgement sent to Jay Berkenbilt <qjb@debian.org>:
Extra info received and forwarded to list. (Sun, 22 Jan 2012 01:27:06 GMT)


Message #10 received at 654883@bugs.debian.org:

From: Jay Berkenbilt <qjb@debian.org>
To: Moritz Muehlenhoff <muehlenhoff@univention.de>
Cc: 654883@bugs.debian.org
Subject: Re: Bug#654883: CVE-2011-4599
Date: Sat, 21 Jan 2012 20:18:14 -0500
Moritz Muehlenhoff <muehlenhoff@univention.de> wrote:

> Package: icu
> Severity: grave
> Tags: security
>
> Please see https://bugzilla.redhat.com/show_bug.cgi?id=765812 for
> details and references to patches.
>
> Cheers,
>         Moritz

I'm uploading a new version momentarily to unstable to fix it.  Sorry
for the delay.  I'm also preparing packages for stable-security and
oldstable-security.  The patch is trivial to backport.  Should I do the
uploads?  I'm attaching the patches.  If okay, I'll build against
oldstable and stable and upload.

--Jay
[icu-3.8.1-3+lenny2-to-icu-3.8.1-3+lenny3.patch (text/x-diff, attachment)]
[icu-4.4.1-7-to-icu-4.4.1-8.patch (text/x-diff, attachment)]

Reply sent to Jay Berkenbilt <qjb@debian.org>:
You have taken responsibility. (Sun, 22 Jan 2012 01:51:07 GMT)


Notification sent to Moritz Muehlenhoff <muehlenhoff@univention.de>:
Bug acknowledged by developer. (Sun, 22 Jan 2012 01:51:07 GMT)


Message #15 received at 654883-close@bugs.debian.org:

From: Jay Berkenbilt <qjb@debian.org>
To: 654883-close@bugs.debian.org
Subject: Bug#654883: fixed in icu 4.8.1.1-3
Date: Sun, 22 Jan 2012 01:48:09 +0000
Source: icu
Source-Version: 4.8.1.1-3

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive:

icu-doc_4.8.1.1-3_all.deb
  to main/i/icu/icu-doc_4.8.1.1-3_all.deb
icu_4.8.1.1-3.debian.tar.gz
  to main/i/icu/icu_4.8.1.1-3.debian.tar.gz
icu_4.8.1.1-3.dsc
  to main/i/icu/icu_4.8.1.1-3.dsc
lib32icu-dev_4.8.1.1-3_amd64.deb
  to main/i/icu/lib32icu-dev_4.8.1.1-3_amd64.deb
lib32icu48_4.8.1.1-3_amd64.deb
  to main/i/icu/lib32icu48_4.8.1.1-3_amd64.deb
libicu-dev_4.8.1.1-3_amd64.deb
  to main/i/icu/libicu-dev_4.8.1.1-3_amd64.deb
libicu48-dbg_4.8.1.1-3_amd64.deb
  to main/i/icu/libicu48-dbg_4.8.1.1-3_amd64.deb
libicu48_4.8.1.1-3_amd64.deb
  to main/i/icu/libicu48_4.8.1.1-3_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 654883@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jay Berkenbilt <qjb@debian.org> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sat, 21 Jan 2012 19:44:44 -0500
Source: icu
Binary: libicu48 libicu48-dbg libicu-dev lib32icu48 lib32icu-dev icu-doc
Architecture: source all amd64
Version: 4.8.1.1-3
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description: 
 icu-doc    - API documentation for ICU classes and functions
 lib32icu-dev - Development files for International Components for Unicode (32-bi
 lib32icu48 - International Components for Unicode (32-bit)
 libicu-dev - Development files for International Components for Unicode
 libicu48   - International Components for Unicode
 libicu48-dbg - International Components for Unicode
Closes: 654883
Changes: 
 icu (4.8.1.1-3) unstable; urgency=high
 .
   * Add patch to address CVE-2011-4599, a potential buffer overflow.
     (Closes: #654883)





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 31 May 2012 07:39:40 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 14:55:24 2019; Machine Name: beach
