Your message dated Fri, 13 Mar 2020 01:19:44 +0000
with message-id <e1jcyzi-0009yf...@fasolo.debian.org>
and subject line Bug#953747: fixed in icu 66.1-2
has caused the Debian Bug report #953747,
regarding icu: CVE-2020-10531
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
953747: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953747
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: icu
Version: 63.2-2
Severity: grave
Tags: security upstream
Justification: user security hole
Forwarded: https://github.com/unicode-org/icu/pull/971
Hi,
The following vulnerability was published for icu.
CVE-2020-10531[0]:
| An issue was discovered in International Components for Unicode (ICU)
| for C/C++ through 66.1. An integer overflow, leading to a heap-based
| buffer overflow, exists in the UnicodeString::doAppend() function in
| common/unistr.cpp.
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2020-10531
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531
[1] https://bugs.chromium.org/p/chromium/issues/detail?id=1044570 (not public)
[2] https://unicode-org.atlassian.net/browse/ICU-20958 (private)
[3] https://github.com/unicode-org/icu/pull/971
[4] https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca
Please adjust the affected versions in the BTS as needed.
Regards,
Salvatore
--- End Message ---
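The CVE text quoted in the report above describes an integer overflow in a length computation that lets an append write past a heap buffer. The following C program is an added illustration for this page, not code from ICU, from the Debian report, or from the upstream fix: it models that bug class in a small UTF-16 string type, placing the unchecked length sum beside a hardened one and building an append on the hardened check. The type and function names (U16String, fits_unchecked, fits_checked, u16_append, demo_hardened_append) are this example's own, the "Hi!" sample data is constructed, and the use of __builtin_add_overflow is this example's choice of check, not a statement of how upstream patched UnicodeString::doAppend().

```c
/* Illustrative code written for this page: a growable UTF-16 string whose
 * append computes its new length in int32_t.  It is NOT ICU's
 * UnicodeString::doAppend(); it only reproduces the bug class described in
 * the CVE text (signed-length overflow -> missed capacity check -> heap
 * overflow) and shows one hardened alternative. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    uint16_t *buf;       /* heap buffer of UTF-16 code units */
    int32_t   length;    /* code units in use */
    int32_t   capacity;  /* code units allocated */
} U16String;

/* Decision the vulnerable path makes before copying: "does oldLength +
 * srcLength fit in the current buffer?"  The sum is taken in 32 bits with no
 * overflow check (signed wrap is UB in C, so the wrap is emulated via
 * uint32_t, which matches what the hardware does) and compared as signed.
 * Once the sum wraps negative, the comparison answers "fits", and a caller
 * trusting it would memcpy srcLength code units past a capacity-sized heap
 * block.  Returns 1 for "fits", 0 for "must grow". */
static int fits_unchecked(int32_t oldLength, int32_t srcLength, int32_t capacity) {
    int32_t newLength = (int32_t)((uint32_t)oldLength + (uint32_t)srcLength);
    return newLength <= capacity;   /* wrong answer after the wrap */
}

/* Hardened decision: detect the overflow before the comparison.  Returns -1 if
 * oldLength + srcLength does not fit in int32_t (caller must refuse the
 * append, not copy), otherwise 1 for "fits" or 0 for "must grow", with the
 * exact new length stored in *newLength.  __builtin_add_overflow is a
 * GCC/Clang builtin chosen for this example. */
static int fits_checked(int32_t oldLength, int32_t srcLength, int32_t capacity,
                        int32_t *newLength) {
    if (__builtin_add_overflow(oldLength, srcLength, newLength))
        return -1;
    return *newLength <= capacity;
}

/* Append built on the hardened decision.  Grows the buffer when needed and
 * returns 0 on success, -1 if the new length would overflow or allocation
 * fails.  No write ever happens on the failure path. */
static int u16_append(U16String *s, const uint16_t *src, int32_t srcLength) {
    int32_t newLength;
    int fits = fits_checked(s->length, srcLength, s->capacity, &newLength);
    if (fits < 0)
        return -1;
    if (!fits) {
        /* Double the capacity, clamped so the doubling itself cannot wrap,
         * and never below the (already overflow-checked) newLength. */
        int32_t newCap = (s->capacity > INT32_MAX / 2) ? INT32_MAX : s->capacity * 2;
        if (newCap < newLength)
            newCap = newLength;
        uint16_t *nb = realloc(s->buf, (size_t)newCap * sizeof *nb);
        if (nb == NULL)
            return -1;
        s->buf = nb;
        s->capacity = newCap;
    }
    memcpy(s->buf + s->length, src, (size_t)srcLength * sizeof *src);
    s->length = newLength;
    return 0;
}

/* Exercise the hardened append on constructed input: two 3-unit appends into
 * an empty string must grow the buffer and leave length 6 with the second
 * copy landing at index 3; then an append whose length sum would overflow
 * must be refused.  Returns the final length (6) on success, -1 otherwise. */
static int32_t demo_hardened_append(void) {
    static const uint16_t hi[3] = { 0x48, 0x69, 0x21 };   /* "Hi!" (constructed) */
    U16String s = { NULL, 0, 0 };
    int32_t result = -1;
    if (u16_append(&s, hi, 3) == 0 && s.length == 3 &&
        u16_append(&s, hi, 3) == 0 && s.length == 6 && s.buf[3] == 0x48) {
        s.length = INT32_MAX - 1;        /* simulate a nearly full string */
        if (u16_append(&s, hi, 3) == -1) /* refused, buffer untouched */
            result = 6;
    }
    free(s.buf);
    return result;
}

int main(void) {
    int32_t nl;
    printf("unchecked, near INT32_MAX: fits=%d (bogus)\n",
           fits_unchecked(INT32_MAX - 5, 16, 64));
    printf("checked,   near INT32_MAX: %d (-1 = overflow rejected)\n",
           fits_checked(INT32_MAX - 5, 16, 64, &nl));
    printf("hardened append demo: %d\n", demo_hardened_append());
    return 0;
}
```

The instructive case is the pair of calls with oldLength near INT32_MAX: the unchecked decision reports that the data fits in a 64-unit buffer because the wrapped sum is negative, while the checked decision refuses before any comparison is made. In a real string class the length passed to the append is attacker-influenced whenever untrusted input is concatenated, which is why the check belongs in the append itself rather than in callers.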
--- Begin Message ---
Source: icu
Source-Version: 66.1-2
Done: Laszlo Boszormenyi (GCS) <g...@debian.org>
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 953...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <g...@debian.org> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 13 Mar 2020 00:18:02 +0000
Source: icu
Architecture: source
Version: 66.1-2
Distribution: experimental
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <g...@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <g...@debian.org>
Closes: 953747
Changes:
icu (66.1-2) experimental; urgency=high
.
* Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in
UnicodeString::doAppend() (closes: #953747).
Checksums-Sha1:
bfa37f16cb015239c011c2622f1524147872f18e 2219 icu_66.1-2.dsc
312e58407e7a8ea8bddcceb4000fa8d3e7919baa 25268 icu_66.1-2.debian.tar.xz
Checksums-Sha256:
432957d8b62dc3add1c9f9f2c8925ebd59519404c87c2ea8768bf453d2da8a79 2219 icu_66.1-2.dsc
fb94f46b655af3ad0ce9d7e14ba24b4e72ae4fdb27b7fe8a36ba037f3a593b6e 25268 icu_66.1-2.debian.tar.xz
Files:
c4934c0292793482caa84cd76641d06f 2219 libs optional icu_66.1-2.dsc
4e3a56d2e3f3148329ff832a60691025 25268 libs optional icu_66.1-2.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---