-
icu (52.1-8+deb8u7) jessie-security; urgency=high
* Backport upstream security fix for CVE-2017-15422: Persian calendar
integer overflow (closes: #892766).
-- Laszlo Boszormenyi (GCS) <email address hidden> Wed, 14 Mar 2018 18:28:21 +0000
-
icu (52.1-8+deb8u6) jessie; urgency=high
* Backport upstream security fix for CVE-2017-14952: double free in
createMetazoneMappings() (closes: #878840).
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 24 Oct 2017 17:28:29 +0000
-
icu (52.1-8+deb8u5) jessie-security; urgency=high
* Backport upstream security fix for CVE-2017-7867 and CVE-2017-7868,
heap-buffer-overflow in utf8TextAccess.
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 17 Apr 2017 08:41:59 +0000
-
icu (52.1-8+deb8u4) jessie-security; urgency=high
* Backport upstream fix for CVE-2014-9911: buffer overflow problem in
uresbund.cpp .
* Backport upstream fix for CVE-2015-2632: unspecified vulnerability allows
remote attackers to affect confidentiality via unknown vectors.
* Backport upstream fix for CVE-2015-4844: missing boundary checks in
layout engine.
* Backport upstream fix for CVE-2016-0494: integer signedness issue in
IndicRearrangementProcessor.
* Backport upstream fix for CVE-2016-6293: the uloc_acceptLanguageFromHTTP
function does not ensure that there is a '\0' character at the end of a
certain temporary array.
* Backport upstream fix for CVE-2016-7415: stack-based buffer overflow in
the Locale class via a long locale string (closes: #838694).
-- Laszlo Boszormenyi (GCS) <email address hidden> Sat, 10 Sep 2016 12:41:51 +0000
-
icu (52.1-8+deb8u3) jessie-security; urgency=high
* Fix CVE-2015-1270 - uninitialized memory read (closes: #798647).
-- Laszlo Boszormenyi (GCS) <email address hidden> Mon, 14 Sep 2015 17:24:55 +0200
-
icu (52.1-8+deb8u2) jessie-security; urgency=high
* Fix security bugs:
- CVE-2014-8146 , a heap overflow,
- CVE-2014-8147 , an integer overflow,
- CVE-2015-4760 , missing boundary checks in layout engine,
- CVE-2014-6585 , finish null pointer checks.
-- Laszlo Boszormenyi (GCS) <email address hidden> Thu, 30 Jul 2015 20:45:16 +0000
-
icu (52.1-8) unstable; urgency=high
* New maintainer (closes: #777694).
* Update Standars-Version to 3.9.6 .
[ Michael Gilbert <email address hidden> ]
* Apply a more complete fix for CVE-2014-7940 (closes: #780503).
- Thanks to Marc Deslauriers.
-- Laszlo Boszormenyi (GCS) <email address hidden> Tue, 17 Mar 2015 11:14:15 +0000
-
icu (52.1-7.1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Unfixed issue from the previous upload (closes: #776264)
- CVE-2014-6585: out-of-bounds read.
* Issues fixed in chromium 40.0.2214.91 (closes: #776265, #776719).
- CVE-2014-7923: memory corruption in regular expression comparison.
- CVE-2014-7926: memory corruption in regular expression comparison.
- CVE-2014-7940: uninitialized memory in i18n/icol.cpp.
- CVE-2014-9654: more regular expression handling issues.
-- Michael Gilbert <email address hidden> Sun, 15 Feb 2015 22:19:14 +0000
-
icu (52.1-7) unstable; urgency=high
* Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
(Closes: #775884)
-- Jay Berkenbilt <email address hidden> Wed, 21 Jan 2015 21:33:19 -0500
-
icu (52.1-6) unstable; urgency=medium
* Ensure that only flags intended to be set by users make it into
icu-config. Previously hardening flags were sneaking in there.
(Closes: #759792)
-- Jay Berkenbilt <email address hidden> Mon, 29 Sep 2014 09:59:09 -0400
-
icu (52.1-5) unstable; urgency=medium
* Switch hardening back to dpkg-buildflags. It wasn't previously working
but now is, probably because of other bugfixes that have happened in
the mean time.
-- Jay Berkenbilt <email address hidden> Sat, 26 Jul 2014 12:54:32 -0400
-
icu (52.1-4) unstable; urgency=medium
* Fix test case that fails with gcc 4.9. Fix is from upstream. (Closes:
#746860)
-- Jay Berkenbilt <email address hidden> Sat, 21 Jun 2014 16:52:47 -0400
-
icu (52.1-3) unstable; urgency=medium
* Add package dependency information to assist with upgrades in Ubuntu.
This eliminates the need for a delta on the Ubuntu version of the
package.
-- Jay Berkenbilt <email address hidden> Tue, 24 Dec 2013 11:45:03 -0500
-
icu (52.1-2) unstable; urgency=low
* Re-upload to unstable
-- Jay Berkenbilt <email address hidden> Tue, 03 Dec 2013 16:05:40 -0500
-
icu (4.8.1.1-14) unstable; urgency=high
* Acknowledge NMU. Thanks.
* Update standards version to 3.9.5. No changes required.
* No changes other than version numbers; uploading with urgency=high.
-- Jay Berkenbilt <email address hidden> Wed, 13 Nov 2013 16:19:32 -0500
-
icu (4.8.1.1-13+nmu1) unstable; urgency=high
* Non-maintainer upload by the Security Team.
* Fix cve-2013-2924: use-after-free issue in csrucode.cpp (closes: #726477).
-- Michael Gilbert <email address hidden> Sun, 27 Oct 2013 03:49:58 +0000
-
icu (4.8.1.1-13) unstable; urgency=low
* Multi-arch libicu-dev. Thanks Dmitrijs Ledkovs
<email address hidden>! (Closes: #699763)
* Mark doxygen as architecture-independent build dependency.
(Closes: #706795)
* Depend on autotools-dev to update config.guess
-- Jay Berkenbilt <email address hidden> Wed, 21 Aug 2013 20:01:15 -0400
-
icu (4.8.1.1-12) unstable; urgency=high
* Add patch to address CVE-2013-0900, a threading race condition.
(Closes: #702346)
-- Jay Berkenbilt <email address hidden> Thu, 21 Mar 2013 11:29:08 -0400