UbuntuUpdates.org

Package "icu"

Name: icu

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • API documentation for ICU classes and functions
  • Development files for International Components for Unicode
  • International Components for Unicode
  • International Components for Unicode

Latest version: 4.8.1.1-3ubuntu0.10
Release: precise (12.04)
Level: security
Repository: main

Other versions of "icu" in Precise

Repository        Area   Version
base              main   4.8.1.1-3
updates           main   4.8.1.1-3ubuntu0.10
PPA: LibreOffice         4.8.1.1-13+nmu1ubuntu1~precise1

Changelog

Version: 4.8.1.1-3ubuntu0.3 2015-03-05 14:06:26 UTC

  icu (4.8.1.1-3ubuntu0.3) precise-security; urgency=medium

  * SECURITY UPDATE: multiple issues via incorrect font file parsing
    - debian/patches/layoutengine-security.patch: backport a whole new
      layout engine to source/layout/*, as provided by upstream.
    - CVE-2013-1569
    - CVE-2013-2383
    - CVE-2013-2384
    - CVE-2013-2419
  * SECURITY UPDATE: information disclosure via incorrect font file parsing
    - debian/patches/CVE-2014-65xx.patch: add checks to
      source/layout/ContextualSubstSubtables.cpp,
      source/layout/CursiveAttachmentSubtables.cpp,
      source/layout/Features.cpp,
      source/layout/LETableReference.h,
      source/layout/LigatureSubstSubtables.cpp,
      source/layout/MultipleSubstSubtables.cpp.
    - CVE-2014-6585
    - CVE-2014-6591
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7923.patch: add limits to
      source/i18n/regexcmp.cpp, add test to
      source/test/testdata/regextst.txt.
    - CVE-2014-7923
  * SECURITY UPDATE: denial of service or possible code execution in
    regular expressions
    - debian/patches/CVE-2014-7926.patch: fix incorrect optimization in
      source/i18n/regexcmp.cpp, fix comment in source/i18n/regexcmp.h,
      add test to source/test/testdata/regextst.txt.
    - CVE-2014-7926
  * SECURITY UPDATE: denial of service or possible code execution via
    uninitialized memory in the collator implementation
    - debian/patches/CVE-2014-7940.patch: properly handle memory in
      source/i18n/ucol.cpp.
    - CVE-2014-7940
  * SECURITY UPDATE: denial of service via incorrect pattern size limits
    - debian/patches/CVE-2014-9654.patch: fix case insensitive matches and
      check limits in source/common/unicode/utypes.h,
      source/common/utypes.c,
      source/i18n/regexcmp.cpp, source/i18n/regexcmp.h,
      source/i18n/regeximp.h, source/i18n/i18n.vcxproj.filters,
      source/i18n/unicode/regex.h, source/i18n/regeximp.cpp,
      source/i18n/rematch.cpp, source/i18n/i18n.vcxproj,
      source/i18n/Makefile.in, added tests to
      source/test/intltest/regextst.cpp, source/test/intltest/regextst.h,
      source/test/testdata/regextst.txt.
    - CVE-2014-9654
  * debian/rules: added cdbs autotools rule and adjust DEB_SRCDIR so test
    suite gets run during build.
  * debian/patches/two-digit-year-test.patch: fix test suite failure.
 -- Marc Deslauriers <email address hidden> Wed, 04 Mar 2015 11:14:58 -0500

CVE-2013-1569 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
CVE-2013-2383 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
CVE-2013-2384 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
CVE-2013-2419 Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0
CVE-2014-6585 Unspecified vulnerability in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality via unknown vectors reelat
CVE-2014-6591 Unspecified vulnerability in the Java SE component in Oracle Java SE 5.0u75, 6u85, 7u72, and 8u25 allows remote attackers to affect confidentiality v
CVE-2014-7923 The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.221
CVE-2014-7926 The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.221
CVE-2014-7940 The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome b

Version: 4.8.1.1-3ubuntu0.1 2013-10-15 17:07:31 UTC

  icu (4.8.1.1-3ubuntu0.1) precise-security; urgency=low

  * SECURITY UPDATE: denial of service and possible code execution via
    race condition.
    - debian/patches/CVE-2013-0900.patch: fix thread safety issue in
      source/common/locid.cpp, source/common/unicode/locid.h.
    - CVE-2013-0900
  * SECURITY UPDATE: denial of service and possible code execution via
    use after free.
    - debian/patches/CVE-2013-2924.patch: check lengths in
      source/i18n/csrucode.cpp.
    - CVE-2013-2924
 -- Marc Deslauriers <email address hidden> Thu, 10 Oct 2013 10:40:19 -0400

CVE-2013-0900 Race condition in the International Components for Unicode (ICU) functionality in Google Chrome before 25.0.1364.97 on Windows and Linux, and before
CVE-2013-2924 Use-after-free vulnerability in International Components for Unicode ...


