[Bug 1684298] [NEW] Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty

Wed, 19 Apr 2017 14:51:12 -0700 

*** This bug is a security vulnerability ***

Public security bug reported:

Date Reported:
19 Apr 2017

Security database references:
In the Debian bugtracking system: 860314.
In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.

More information:
It was discovered that icu, the International Components for Unicode library, 
did not correctly validate its input. An attacker could use this problem to 
trigger an out-of-bound write through a heap-based buffer overflow, thus 
causing a denial of service via application crash, or potential execution of 
arbitrary code.

For the stable distribution (jessie), these problems have been fixed in
version 52.1-8+deb8u5.

** Affects: icu (Ubuntu)
     Importance: Undecided
         Status: New

** Information type changed from Public to Public Security

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7867

** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2017-7868

** Description changed:

  Date Reported:
  19 Apr 2017
  
  Security database references:
- In the Debian bugtracking system: Bug 860314.
+ In the Debian bugtracking system: 860314.
  In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868.
  
  More information:
  It was discovered that icu, the International Components for Unicode library, 
did not correctly validate its input. An attacker could use this problem to 
trigger an out-of-bound write through a heap-based buffer overflow, thus 
causing a denial of service via application crash, or potential execution of 
arbitrary code.
  
  For the stable distribution (jessie), these problems have been fixed in
  version 52.1-8+deb8u5.

** Summary changed:

- Security issues (solved in Debian)
+ Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1684298

Title:
  Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5
  trusty

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1684298/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to