Launchpad has imported 8 comments from the remote bug at https://bugzilla.redhat.com/show_bug.cgi?id=429023.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2008-01-16T20:53:36+00:00 Josh wrote: Will Drewry reported a flaw in the way libicu processes certain regular expressions. He reports: On regular expression compilation, illegal backreferences may refer to the non-existent capture group '0'. When these are builts, they will result in corrupt REStackFrames which will be used at a later point. Crashes may result in out of band reads or writes depending on the regular expression being executed. Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/0 ------------------------------------------------------------------------ On 2008-01-17T09:20:08+00:00 Caolan wrote: Created attachment 291973 An example of icu pattern matching in OOo I figured out how to get OOo to match patterns with the icu regexp stuff. Attached is a test-case which just tries to match "I am a pattern" Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/1 ------------------------------------------------------------------------ On 2008-01-18T08:06:42+00:00 Tomas wrote: Created attachment 292114 Patch agains ICU 3.8 proposed by Andy Heninger Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/2 ------------------------------------------------------------------------ On 2008-01-22T08:59:16+00:00 Caolan wrote: Created attachment 292482 backported patch I can't commit to RHEL icu without approved bugzilla ids. Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/3 ------------------------------------------------------------------------ On 2008-01-25T13:14:05+00:00 Josh wrote: This is now public: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/4 ------------------------------------------------------------------------ On 2008-01-27T07:13:09+00:00 Fedora wrote: icu-3.8-5.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/5 ------------------------------------------------------------------------ On 2008-01-27T07:21:19+00:00 Fedora wrote: icu-3.6-20.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report. Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/6 ------------------------------------------------------------------------ On 2008-01-27T10:15:09+00:00 Red wrote: This issue was addressed in: Red Hat Enterprise Linux: http://rhn.redhat.com/errata/RHSA-2008-0090.html Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-1076 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-1036 Reply at: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/comments/7 ** Changed in: icu (Fedora) Importance: Unknown => High -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/186578 Title: [libicu] [CVE-2007-4770] [CVE-2007-4771] potential execution of arbitrary code via malformed regular expressions To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/186578/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
