Publishing details

Changelog

icu (52.1-3ubuntu0.4) trusty-security; urgency=medium

  * SECURITY UPDATE: denial of service via mishandling of converter names
    with initial x- substrings
    - debian/patches/CVE-2015-1270.patch: fix logic in
      source/common/ucnv_io.cpp.
    - CVE-2015-1270
  * SECURITY UPDATE: information disclosure via overflows
    - debian/patches/CVE-2015-2632.patch: properly calculate index in
      source/layout/Features.cpp, check for overflows in
      source/layout/LETableReference.h.
    - CVE-2015-2632
  * SECURITY UPDATE: denial of service and possible code execution via
    overflows
    - debian/patches/CVE-2015-4760.patch: check bounds in
      source/layout/ContextualGlyphInsertionProc2.cpp,
      source/layout/ContextualGlyphSubstProc.cpp,
      source/layout/ContextualGlyphSubstProc2.cpp,
      source/layout/IndicRearrangementProcessor.cpp,
      source/layout/IndicRearrangementProcessor2.cpp,
      use unsigned flags in source/layout/LigatureSubstProc.cpp,
      source/layout/StateTables.h, properly handle errors in
      source/layout/StateTableProcessor.cpp,
      source/layout/StateTableProcessor2.cpp.
    - CVE-2015-4760

 -- Marc Deslauriers <email address hidden>  Fri, 11 Sep 2015 09:28:05 -0400

Available diffs

Builds

Package files