diff -Nru icu-4.8.1.1/debian/changelog icu-4.8.1.1/debian/changelog
--- icu-4.8.1.1/debian/changelog 2012-01-04 14:52:11.000000000 +0000
+++ icu-4.8.1.1/debian/changelog 2012-01-22 01:04:48.000000000 +0000
@@ -1,3 +1,10 @@
+icu (4.8.1.1-3) unstable; urgency=high
+
+ * Add patch to address CVE-2011-4599, a potential buffer overflow.
+ (Closes: #654883)
+
+ -- Jay Berkenbilt Sat, 21 Jan 2012 19:44:44 -0500
+
 icu (4.8.1.1-2) unstable; urgency=low
 
 * debian/patches/icudata-stdlibs.patch: Link stdlibs to libicudata so we
diff -Nru icu-4.8.1.1/debian/patches/CVE-2011-4599.patch icu-4.8.1.1/debian/patches/CVE-2011-4599.patch
--- icu-4.8.1.1/debian/patches/CVE-2011-4599.patch 1970-01-01 00:00:00.000000000 +0000
+++ icu-4.8.1.1/debian/patches/CVE-2011-4599.patch 2012-01-22 01:00:53.000000000 +0000
@@ -0,0 +1,22 @@
+Index: icu-4.8.1.1/source/common/uloc.c
+===================================================================
+--- icu-4.8.1.1.orig/source/common/uloc.c 2011-10-18 19:12:40.000000000 -0400
++++ icu-4.8.1.1/source/common/uloc.c 2012-01-21 19:42:18.087577138 -0500
+@@ -1797,7 +1797,7 @@
+ int32_t variantLen = _deleteVariant(variant, uprv_min(variantSize, (nameCapacity-len)), variantToCompare, n);
+ len -= variantLen;
+ if (variantLen > 0) {
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && name[len-1] == '_') { /* delete trailing '_' */
+ --len;
+ }
+ addKeyword = VARIANT_MAP[j].keyword;
+@@ -1805,7 +1805,7 @@
+ break;
+ }
+ }
+- if (name[len-1] == '_') { /* delete trailing '_' */
++ if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */
+ --len;
+ }
+ }
diff -Nru icu-4.8.1.1/debian/patches/series icu-4.8.1.1/debian/patches/series
--- icu-4.8.1.1/debian/patches/series 2012-01-04 14:49:45.000000000 +0000
+++ icu-4.8.1.1/debian/patches/series 2012-01-22 01:01:06.000000000 +0000
@@ -5,3 +5,4 @@
 malayalam-rendering.patch
 kfreebsd-configure.patch
 pathmax.patch
+CVE-2011-4599.patch
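Review bot: The two guards the nested patch adds to uloc.c are not equivalent: the first site (`@@ -1797`) only checks `len > 0` before reading `name[len-1]`, while the second (`@@ -1805`) also requires `len <= nameCapacity`. Both reads index the same `name` buffer with the same `len`, so if `len` can exceed `nameCapacity` at the first site as well, that read remains out of bounds even with the patch applied; if the `uprv_min(variantSize, (nameCapacity-len))` bound on the line above is what rules that out, a short comment saying so would spare the next reader the question. Otherwise I would align the first guard with the second: `if (len > 0 && len <= nameCapacity && name[len-1] == '_') { /* delete trailing '_' */`. The enclosing function starts and ends outside both nested hunks, so whether `len` is guaranteed to be within capacity on entry cannot be confirmed from here.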