empty segment fixes

Bug #341834 reported by Kees Cook
Affects: icu (Ubuntu)
Status: Fix Released
Importance: Undecided
Assigned to: Marc Deslauriers
Milestone:

Bug Description

International Components for Unicode (ICU) in Apple Mac OS X before 10.5.3 omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

CVE-2008-1036

Attached fix is from upstream, thanks to RedHat

Kees Cook (kees) wrote :
Kees Cook (kees)
Changed in icu (Ubuntu):
assignee: nobody → mdeslaur
status: New → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package icu - 3.6-3ubuntu0.2

---------------
icu (3.6-3ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: Cross-site scripting attack via invalid character
    sequences (LP: #341834)
    - debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
      source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
      invalid character sequences. Also, add test case to
      source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
    - CVE-2008-1036

 -- Marc Deslauriers <email address hidden> Wed, 25 Mar 2009 10:54:08 -0400

Changed in icu:
status: In Progress → Fix Released
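
The difference between omitting and replacing invalid sequences during conversion, as an added example that is not part of the bug report or the ICU patch. It uses Python's built-in UTF-8 decoder as a stand-in for the ISO-2022/HZ converters the patch touches; the byte filter, function names and sample input are constructed for illustration.

```python
import re

# Hypothetical markup filters: one runs on raw bytes, one on decoded text.
SCRIPT_TAG_BYTES = re.compile(rb"<\s*script", re.IGNORECASE)
SCRIPT_TAG_TEXT = re.compile(r"<\s*script", re.IGNORECASE)

# Constructed input: 0xFF can never occur in well-formed UTF-8.
SAMPLE = b"<scr\xffipt>"


def filter_then_decode(raw, errors):
    """Risky ordering: inspect bytes first, convert afterwards."""
    if SCRIPT_TAG_BYTES.search(raw):
        return None  # rejected by the byte-level filter
    return raw.decode("utf-8", errors=errors)


def decode_then_filter(raw, errors="replace"):
    """Safer ordering: convert first, inspect what the consumer will see."""
    text = raw.decode("utf-8", errors=errors)
    if SCRIPT_TAG_TEXT.search(text):
        return None
    return text


def audit(raw):
    """For each decoder error policy, report what reaches the consumer."""
    results = {}
    for policy in ("ignore", "replace", "strict"):
        try:
            out = filter_then_decode(raw, policy)
        except UnicodeDecodeError:
            results[policy] = "rejected: invalid input"
            continue
        if out is None:
            results[policy] = "rejected: filter"
        elif SCRIPT_TAG_TEXT.search(out):
            # Dropping the bad byte joined "<scr" and "ipt>" after the check.
            results[policy] = "tag formed after conversion"
        else:
            results[policy] = "inert"
    return results


if __name__ == "__main__":
    for policy, outcome in audit(SAMPLE).items():
        print(f"{policy:8} {outcome}")
```

Only the "ignore" policy, which omits the invalid byte, lets a tag form after the filter has run; substituting U+FFFD or rejecting the input keeps the two halves apart.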
This report contains Public Security information  
Everyone can see this security related information.
