On Mon, Mar 18, 2013 at 18:55:40 +0100, Moritz Mühlenhoff wrote: > On Sat, Mar 16, 2013 at 01:49:24PM -0400, Jay Berkenbilt wrote: > > > They also send me links to the upstream fixes: > > > http://bugs.icu-project.org/trac/changeset/32865 > > > http://bugs.icu-project.org/trac/changeset/32908 > > > > I can prepare a new upload with these fixes and call it CVE-2013-0900. > > There's a one-line fix for a Malayalam rendering problem (which causes a > > crash on certain codes and is therefore a potential DOS attack) which I > > will probably include in the same upload. Ordinarily I would not fix > > two issues in the same upload, particularly during a freeze, but the > > extreme simplicity of the second one makes me think this will be okay in > > this case. > > Sounds good to me (but I'm not a release team member) > Yes, that would be fine.
Cheers, Julien
signature.asc
Description: Digital signature
