Change logs for icu source package in Xenial

  • icu (55.1-7ubuntu0.4) xenial-security; urgency=medium
    
      * SECURITY UPDATE: integer overflow in Persian Cal
        - debian/patches/CVE-2017-15422.patch: use int64_t math for one
          operation to avoid overflow, add tests in source/i18n/gregoimp.cpp,
          source/i18n/gregoimp.h, source/i18n/persncal.cpp,
          source/test/intltest/calregts.cpp, source/test/intltest/calregts.h.
        - CVE-2017-15422
    
     -- Marc Deslauriers <email address hidden>  Tue, 27 Mar 2018 11:09:09 -0400
  • icu (55.1-7ubuntu0.3) xenial-security; urgency=medium
    
      * SECURITY UPDATE: double free
        - debian/patches/CVE-2017-14952.patch: fixes double free in
          createMetaZoneMappings() source/i18n/zonemeta.cpp.
        - CVE-2017-14952
    
     -- <email address hidden> (Leonidas S. Barbosa)  Tue, 17 Oct 2017 09:14:31 -0300
  • icu (55.1-7ubuntu0.2) xenial-security; urgency=medium
    
      * SECURITY UPDATE: out-of-bounds write in common/utext.cpp
        (LP: #1684298)
        - debian/patches/CVE-2017-786x.patch: properly handle chunk size in
          source/common/utext.cpp, added test to
          source/test/intltest/utxttest.cpp, source/test/intltest/utxttest.h.
        - CVE-2017-7867
        - CVE-2017-7868
    
     -- Marc Deslauriers <email address hidden>  Tue, 02 May 2017 08:35:09 -0400
  • icu (55.1-7ubuntu0.1) xenial-security; urgency=medium
    
      * SECURITY UPDATE: Multiple security issues. Synchronize security fixes
        with Debian's 52.1-8+deb8u4 release. Thanks to Laszlo Boszormenyi for
        the work this update is based on.
        - debian/patches/CVE-2015-4844.patch
        - debian/patches/CVE-2016-0494.patch
        - debian/patches/CVE-2016-6293.patch
        - debian/patches/CVE-2016-7415.patch
        - CVE-2015-4844
        - CVE-2016-0494
        - CVE-2016-6293
        - CVE-2016-7415
    
     -- Marc Deslauriers <email address hidden>  Fri, 10 Mar 2017 11:29:45 -0500
  • icu (55.1-7) unstable; urgency=high
    
      * Fix CVE-2015-2632 vulnerability.
    
     -- Laszlo Boszormenyi (GCS) <email address hidden>  Sun, 03 Jan 2016 16:44:55 +0100
  • icu (55.1-6ubuntu1) xenial; urgency=medium
    
      * Merge from Debian unstable, remaining changes:
        - debian/patches/CVE-2015-2632.patch
    
    icu (55.1-6) unstable; urgency=low
    
      * Don't force libicu-dev to depend on g++ (closes: #799100, #799101).
    
    icu (55.1-5) unstable; urgency=high
    
      * Correct patch for CVE-2015-1270 (closes: #798647).
    
     -- Marc Deslauriers <email address hidden>  Fri, 20 Nov 2015 09:02:03 -0500
  • icu (55.1-4ubuntu1) wily; urgency=medium
    
      * SECURITY UPDATE: denial of service via mishandling of converter names
        with initial x- substrings
        - debian/patches/CVE-2015-1270.patch: fix patch so it actually applies.
        - CVE-2015-1270
      * SECURITY UPDATE: information disclosure via overflows
        - debian/patches/CVE-2015-2632.patch: properly calculate index in
          source/layout/Features.cpp, check for overflows in
          source/layout/LETableReference.h.
        - CVE-2015-2632
    
     -- Marc Deslauriers <email address hidden>  Fri, 11 Sep 2015 08:24:31 -0400