Change logs for icu source package in Jessie

icu (52.1-8+deb8u7) jessie-security; urgency=high

  * Backport upstream security fix for CVE-2017-15422: Persian calendar
    integer overflow (closes: #892766).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Wed, 14 Mar 2018 18:28:21 +0000

icu (52.1-8+deb8u6) jessie; urgency=high

  * Backport upstream security fix for CVE-2017-14952: double free in
    createMetazoneMappings() (closes: #878840).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 24 Oct 2017 17:28:29 +0000

icu (52.1-8+deb8u5) jessie-security; urgency=high

  * Backport upstream security fix for CVE-2017-7867 and CVE-2017-7868,
    heap-buffer-overflow in utf8TextAccess.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 17 Apr 2017 08:41:59 +0000

icu (52.1-8+deb8u4) jessie-security; urgency=high

  * Backport upstream fix for CVE-2014-9911: buffer overflow problem in
    uresbund.cpp .
  * Backport upstream fix for CVE-2015-2632: unspecified vulnerability allows
    remote attackers to affect confidentiality via unknown vectors.
  * Backport upstream fix for CVE-2015-4844: missing boundary checks in
    layout engine.
  * Backport upstream fix for CVE-2016-0494: integer signedness issue in
    IndicRearrangementProcessor.
  * Backport upstream fix for CVE-2016-6293: the uloc_acceptLanguageFromHTTP
    function does not ensure that there is a '\0' character at the end of a
    certain temporary array.
  * Backport upstream fix for CVE-2016-7415: stack-based buffer overflow in
    the Locale class via a long locale string (closes: #838694).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Sat, 10 Sep 2016 12:41:51 +0000

icu (52.1-8+deb8u3) jessie-security; urgency=high

  * Fix CVE-2015-1270 - uninitialized memory read (closes: #798647).

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Mon, 14 Sep 2015 17:24:55 +0200

icu (52.1-8+deb8u2) jessie-security; urgency=high

  * Fix security bugs:
    - CVE-2014-8146 , a heap overflow,
    - CVE-2014-8147 , an integer overflow,
    - CVE-2015-4760 , missing boundary checks in layout engine,
    - CVE-2014-6585 , finish null pointer checks.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Thu, 30 Jul 2015 20:45:16 +0000

icu (52.1-8) unstable; urgency=high


  * New maintainer (closes: #777694).
  * Update Standars-Version to 3.9.6 .

  [ Michael Gilbert <email address hidden> ]
  * Apply a more complete fix for CVE-2014-7940 (closes: #780503).
    - Thanks to Marc Deslauriers.

 -- Laszlo Boszormenyi (GCS) <email address hidden>  Tue, 17 Mar 2015 11:14:15 +0000

icu (52.1-7.1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Unfixed issue from the previous upload (closes: #776264)
    - CVE-2014-6585: out-of-bounds read.
  * Issues fixed in chromium 40.0.2214.91 (closes: #776265, #776719).
    - CVE-2014-7923: memory corruption in regular expression comparison.
    - CVE-2014-7926: memory corruption in regular expression comparison.
    - CVE-2014-7940: uninitialized memory in i18n/icol.cpp.
    - CVE-2014-9654: more regular expression handling issues.

 -- Michael Gilbert <email address hidden>  Sun, 15 Feb 2015 22:19:14 +0000

icu (52.1-7) unstable; urgency=high


  * Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
    (Closes: #775884)

 -- Jay Berkenbilt <email address hidden>  Wed, 21 Jan 2015 21:33:19 -0500

icu (52.1-6) unstable; urgency=medium


  * Ensure that only flags intended to be set by users make it into
    icu-config. Previously hardening flags were sneaking in there.
    (Closes: #759792)

 -- Jay Berkenbilt <email address hidden>  Mon, 29 Sep 2014 09:59:09 -0400

icu (52.1-5) unstable; urgency=medium


  * Switch hardening back to dpkg-buildflags. It wasn't previously working
    but now is, probably because of other bugfixes that have happened in
    the mean time.

 -- Jay Berkenbilt <email address hidden>  Sat, 26 Jul 2014 12:54:32 -0400

icu (52.1-4) unstable; urgency=medium


  * Fix test case that fails with gcc 4.9. Fix is from upstream. (Closes:
    #746860)

 -- Jay Berkenbilt <email address hidden>  Sat, 21 Jun 2014 16:52:47 -0400

icu (52.1-3) unstable; urgency=medium


  * Add package dependency information to assist with upgrades in Ubuntu.
    This eliminates the need for a delta on the Ubuntu version of the
    package.

 -- Jay Berkenbilt <email address hidden>  Tue, 24 Dec 2013 11:45:03 -0500

icu (52.1-2) unstable; urgency=low


  * Re-upload to unstable

 -- Jay Berkenbilt <email address hidden>  Tue, 03 Dec 2013 16:05:40 -0500

icu (4.8.1.1-14) unstable; urgency=high


  * Acknowledge NMU.  Thanks.
  * Update standards version to 3.9.5.  No changes required.
  * No changes other than version numbers; uploading with urgency=high.

 -- Jay Berkenbilt <email address hidden>  Wed, 13 Nov 2013 16:19:32 -0500

icu (4.8.1.1-13+nmu1) unstable; urgency=high


  * Non-maintainer upload by the Security Team.
  * Fix cve-2013-2924: use-after-free issue in csrucode.cpp (closes: #726477).

 -- Michael Gilbert <email address hidden>  Sun, 27 Oct 2013 03:49:58 +0000

icu (4.8.1.1-13) unstable; urgency=low


  * Multi-arch libicu-dev.  Thanks Dmitrijs Ledkovs
    <email address hidden>!  (Closes: #699763)
  * Mark doxygen as architecture-independent build dependency.
    (Closes: #706795)
  * Depend on autotools-dev to update config.guess

 -- Jay Berkenbilt <email address hidden>  Wed, 21 Aug 2013 20:01:15 -0400

icu (4.8.1.1-12) unstable; urgency=high


  * Add patch to address CVE-2013-0900, a threading race condition.
    (Closes: #702346)

 -- Jay Berkenbilt <email address hidden>  Thu, 21 Mar 2013 11:29:08 -0400