Package: icu
Severity: important
Tags: security
Hi,
the issue CVE-2014-6585 from today's Oracle patch update
(http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html)
is actually a vulnerability in ICU (since Java embeds a copy). Red Hat
has tracked this down further and isolated the patch, please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591 for more
details. The patch isn't in ICU trunk yet, so please forward it
upstream unless they are not aware of it yet. It would be nice to
get that fixed in jessie.
Cheers,
Moritz
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
