[<prev] [next>] [day] [month] [year] [list]
Message-Id: <E1YX0gx-0005gh-Oy@alpha.psidef.org>
Date: Sun, 15 Mar 2015 01:02:23 -0400
From: Michael Gilbert <mgilbert@...ian.org>
To: bugtraq@...urityfocus.com
Subject: [SECURITY] [DSA 3187-1] icu security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
- -------------------------------------------------------------------------
Debian Security Advisory DSA-3187-1 security@...ian.org
http://www.debian.org/security/ Michael Gilbert
March 15, 2015 http://www.debian.org/security/faq
- -------------------------------------------------------------------------
Package : icu
CVE ID : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419
CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926
CVE-2014-7940 CVE-2014-9654
Debian Bug : 775884 776264 776265 776719
Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library.
CVE-2013-1569
Glyph table issue.
CVE-2013-2383
Glyph table issue.
CVE-2013-2384
Font layout issue.
CVE-2013-2419
Font processing issue.
CVE-2014-6585
Out-of-bounds read.
CVE-2014-6591
Additional out-of-bounds reads.
CVE-2014-7923
Memory corruption in regular expression comparison.
CVE-2014-7926
Memory corruption in regular expression comparison.
CVE-2014-7940
Uninitialized memory.
CVE-2014-9654
More regular expression flaws.
For the stable distribution (wheezy), these problems have been fixed in
version 4.8.1.1-12+deb7u2.
For the upcoming stable (jessie) and unstable (sid) distributions, these
problems have been fixed in version 52.1-7.1.
We recommend that you upgrade your icu packages.
Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/
Mailing list: debian-security-announce@...ts.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQQcBAEBCgAGBQJVBRIKAAoJELjWss0C1vRzffkf/3c3969L9aI5JN/9i+N8cT3a
1wdG7JnH5W990a9nt6zEfpgVT+tNIM0AW3Q7hY7P4ld9rQbht4qKZA2n739cqHiF
tpQwWWv+zPxwYYS9ZLKv36ptnnL4w9Te7IqHyxFkEijxyYO6zyWbxe/yrDIhRh4i
ayQ9RGpqWQk90A/CZCcJm+7DWJu67gU0RVaRVTzPsd1yXnLcpXkmcHJHyUDhHvOF
PhfDIsXdNCqxkt4o/rUkkWM+wU9wIFP1L356QCHU/wtUJjvdfd6bLJH4fbcgaW3f
tzzMRv1Vov78KRxZqdYK8EBJb1BELlHvjmTmkvPuXuflNJT9ioiEi+OM0it24GGI
8bl56KrPxkAlkkfKwJ/0ZKP1UJsHRjTvymV9LY1wNXUTl3TCDbccX4auFq8/r67G
ohI5nhgOT0IHs/hn105LfKAa6IEGa+QvdAto31SYHhqKONkYIUw2XzTXLMgZGLlY
u8QRi9IEd/lSK6M2gsWlGBB0zKZqymzyOOMJXEs/k+iwyenVp486/2Vv5xP3gX6B
Q4NSW6DWU9Ke5XpAT4OkeE0DDSkr6LjsFTRZEudcNHeOmPAuoD9n/mtZOdXcpBqD
3qe/EjqmPSjrKNonWcubeeSonCX8Svxd9nCwTxrKaXHjKanNqWkjulW9+a/86TWT
hDTrE8OIwAnv//kZc57ugNehEqEv9njlhFCI3UI4GFNyAyk7xkE6MDlQxWYqPwt7
ZTU8BFWwnF1wd1rAHijLZRvVCaOy279JrtoIKhfyPxicCZjlRUYDueu7cTe8hvrb
YBeKobGzKuj4qqatKeGfb6zZvmt+FjbS17Z17O7dtGmb9RKTpAbYoipr7kRVCJtX
5pSUpzKFYAnHZAd1B058IjY3Vv4EZE/ugn1InxtAjJ84WaIzGXMG96rWyEYyyNGx
1gi0rygt2Cx9I5akDvmDAnxr6U8VLS/LUQKHp6vR6RU0+VpGn0CkQSgwZK4viEmf
iBsCmHXbLp7K5hvdu3RXqDVjdEnnGP54NARu3u63E/HMs7VvXti0WFJqR1ZqnzIk
y2kcJufPtDFMeLhXAIygF9RgIB/0RgLXQCivwGKaZRiBCWhRgUcWppuJpRiCeXVn
5KsTBWAEn/eGPtut9hCy9wjxCqYYXb/2/jT0l2ZOBKWx7bWsARa0OUxXRFeSONIt
rcYAQHr4ta//pQVyi1wF15lTTLFMrhqKkwS7029deDSV7JuBX+hFObVWQT8c1zjq
UQC269Da7pnps39JWrwukdqKRxyA9/GkyUHtntwKB6dxdEJ8OGtt90V92dUzkHxb
262WsoTQXWX6HMxgp9BDz7TOnAB4BjG1ACKud9GYjp5m46wxgbt5MP5tgSGAm4E=
=4GJD
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists