Moritz Muehlenhoff <j...@inutil.org> wrote: > Google fixed a security issue in icu, which is embedded in Chrome: > http://googlechromereleases.blogspot.de/2013/02/stable-channel-update_21.html > > | [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to > Google Chrome Security Team (Inferno). > > I contact the Google Chrome Security Team and they pointed me to the following > upstream bug (which is private ATM, but maybe you have access?): > http://bugs.icu-project.org/trac/ticket/9737
I don't. > They also send me links to the upstream fixes: > http://bugs.icu-project.org/trac/changeset/32865 > http://bugs.icu-project.org/trac/changeset/32908 I can prepare a new upload with these fixes and call it CVE-2013-0900. There's a one-line fix for a Malayalam rendering problem (which causes a crash on certain codes and is therefore a potential DOS attack) which I will probably include in the same upload. Ordinarily I would not fix two issues in the same upload, particularly during a freeze, but the extreme simplicity of the second one makes me think this will be okay in this case. -- Jay Berkenbilt <q...@debian.org> -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
