Your message dated Sat, 02 Dec 2017 19:32:53 +0000
with message-id <e1eldwv-000ctr...@fasolo.debian.org>
and subject line Bug#878840: fixed in icu 52.1-8+deb8u6
has caused the Debian Bug report #878840,
regarding icu: CVE-2017-14952: Double free in i18n/zonemeta.cpp
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
878840: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: icu
Version: 57.1-6
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for icu.

CVE-2017-14952[0]:
| Double free in i18n/zonemeta.cpp in International Components for
| Unicode (ICU) for C/C++ through 59.1 allows remote attackers to
| execute arbitrary code via a crafted string, aka a "redundant UVector
| entry clean up function call" issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14952
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
[1] http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
[2] https://ssl.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Please adjust the affected versions in the BTS as needed, unstable
seems to contain the issue, experimental not checked. Older versions
have as well not been verified.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 52.1-8+deb8u6

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 878...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 24 Oct 2017 17:28:29 +0000
Source: icu
Binary: libicu52 libicu52-dbg libicu-dev icu-devtools icu-doc
Architecture: source all amd64
Version: 52.1-8+deb8u6
Distribution: jessie
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Description:
 icu-devtools - Development utilities for International Components for Unicode
 icu-doc    - API documentation for ICU classes and functions
 libicu-dev - Development files for International Components for Unicode
 libicu52   - International Components for Unicode
 libicu52-dbg - International Components for Unicode
Closes: 878840
Changes:
 icu (52.1-8+deb8u6) jessie; urgency=high
 .
   * Backport upstream security fix for CVE-2017-14952: double free in
     createMetazoneMappings() (closes: #878840).

-----BEGIN PGP SIGNATURE-----

-----END PGP SIGNATURE-----

--- End Message ---
