Your message dated Fri, 13 Mar 2020 01:04:28 +0000
with message-id <e1jcykw-0007bf...@fasolo.debian.org>
and subject line Bug#953747: fixed in icu 63.2-3
has caused the Debian Bug report #953747,
regarding icu: CVE-2020-10531
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
953747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953747
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: icu
Version: 63.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/unicode-org/icu/pull/971
Hi,
The following vulnerability was published for icu.
CVE-2020-10531[0]:
| An issue was discovered in International Components for Unicode (ICU)
| for C/C++ through 66.1. An integer overflow, leading to a heap-based
| buffer overflow, exists in the UnicodeString::doAppend() function in
| common/unistr.cpp.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-10531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
[2] https://unicode-org.atlassian.net/browse/ICU-20958 (private)
[3] https://github.com/unicode-org/icu/pull/971
[4] https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
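The bug class named in the CVE description above (an integer overflow in a length computation that leads to a heap-based buffer overflow), shown as an added example that is not ICU's code and not part of the original messages. It is a simplified model: the struct, the function names and the shape of the capacity check are assumptions for illustration, and no buffer is ever written.

```cpp
#include <cstdint>
#include <cstdio>
#include <limits>

// Simplified model (assumption): a string whose lengths are signed 32-bit
// integers, as in ICU's UnicodeString. Nothing here is copied from unistr.cpp.
struct AppendPlan {
    bool accepted;      // false: the append is rejected outright
    bool needsGrow;     // true: the buffer must be reallocated before copying
    int32_t newLength;  // length after the append (meaningful only if accepted)
};

// "Before" pattern: the sum is formed in 32 bits with no overflow check.
// The wrap goes through uint32_t so the demo avoids signed-overflow UB.
AppendPlan planAppendUnchecked(int32_t oldLength, int32_t srcLength, int32_t capacity) {
    int32_t newLength = static_cast<int32_t>(
        static_cast<uint32_t>(oldLength) + static_cast<uint32_t>(srcLength));
    // A wrapped (negative) newLength is not greater than capacity, so no growth
    // is requested; a later copy of srcLength units would run past the buffer.
    return {true, newLength > capacity, newLength};
}

// Hardened pattern: detect the overflow before the sum is ever used.
AppendPlan planAppendChecked(int32_t oldLength, int32_t srcLength, int32_t capacity) {
    if (oldLength < 0 || srcLength < 0 ||
        srcLength > std::numeric_limits<int32_t>::max() - oldLength) {
        return {false, false, 0};  // reject instead of wrapping
    }
    int32_t newLength = oldLength + srcLength;
    return {true, newLength > capacity, newLength};
}

int main() {
    // Constructed values: a string 10 units short of INT32_MAX, appending 100.
    const int32_t oldLength = std::numeric_limits<int32_t>::max() - 10;
    const int32_t capacity = std::numeric_limits<int32_t>::max() - 5;
    AppendPlan bad = planAppendUnchecked(oldLength, 100, capacity);
    AppendPlan good = planAppendChecked(oldLength, 100, capacity);
    std::printf("unchecked: newLength=%d needsGrow=%d\n",
                static_cast<int>(bad.newLength), bad.needsGrow ? 1 : 0);
    std::printf("checked:   accepted=%d\n", good.accepted ? 1 : 0);
    return 0;
}
```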
--- Begin Message ---
Source: icu
Source-Version: 63.2-3
Done: Laszlo Boszormenyi (GCS) <g...@debian.org>
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 953...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Mar 2020 00:10:21 +0000
Source: icu
Architecture: source
Version: 63.2-3
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 953747
Changes:
icu (63.2-3) unstable; urgency=high
.
* Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in
UnicodeString::doAppend() (closes: #953747).
Checksums-Sha1:
412a8c4f8421d62085c66514f09bc6df9334d0c9 1965 icu_63.2-3.dsc
ea5c73bcf4de9e7f7ac15315e41dd3ac23143ce1 35520 icu_63.2-3.debian.tar.xz
cae41ff7481231e4e30e9ec82b782bef3e56ee43 8207 icu_63.2-3_amd64.buildinfo
Checksums-Sha256:
7dc78f17c16387df8290f23bfd811faea030c21155d28ab460e429c581a41773 1965 icu_63.2-3.dsc
06b5b42f146a7cf39145db0b6582a108f1a8192326128f97a1181e726032ea2c 35520 icu_63.2-3.debian.tar.xz
256d54f8de7405650a2ec331af72c8090826e9fe49733ebdb14e668a297e319d 8207 icu_63.2-3_amd64.buildinfo
Files:
f4eb2c165f2cba9a173db2eeb659c193 1965 libs optional icu_63.2-3.dsc
6d2d364f5b78105035a10467dac0c2db 35520 libs optional icu_63.2-3.debian.tar.xz
c5cbe93176383366c9d3d65d1bce72df 8207 libs optional icu_63.2-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---