Bug#726477: marked as done (icu: CVE-2013-2924)

Sat, 26 Oct 2013 21:36:38 -0700 

Your message dated Sun, 27 Oct 2013 04:33:41 +0000
with message-id <[email protected]>
and subject line Bug#726477: fixed in icu 4.8.1.1-13+nmu1
has caused the Debian Bug report #726477,
regarding icu: CVE-2013-2924
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
726477: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=726477
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: icu
Severity: grave
Tags: security
Justification: user security hole

The Chrome developers found a security issue in the included ICU:
http://googlechromereleases.blogspot.de/2013/10/stable-channel-update.html

The bug http://bugs.icu-project.org/trac/ticket/10318 is restricted, but
the patch can be found here:
https://ssl.icu-project.org/trac/changeset/34076

Cheers,
        Moritz

--- End Message ---
--- Begin Message --- 
Source: icu
Source-Version: 4.8.1.1-13+nmu1

We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Gilbert <[email protected]> (supplier of updated icu package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Sun, 27 Oct 2013 03:49:58 +0000
Source: icu
Binary: libicu48 libicu48-dbg libicu-dev icu-devtools icu-doc
Architecture: source all amd64
Version: 4.8.1.1-13+nmu1
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Michael Gilbert <[email protected]>
Description: 
 icu-devtools - Development utilities for International Components for Unicode
 icu-doc    - API documentation for ICU classes and functions
 libicu-dev - Development files for International Components for Unicode
 libicu48   - International Components for Unicode
 libicu48-dbg - International Components for Unicode
Closes: 726477
Changes: 
 icu (4.8.1.1-13+nmu1) unstable; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fix cve-2013-2924: use-after-free issue in csrucode.cpp (closes: #726477).
Checksums-Sha1: 
 4a9d7e12bb910e1dea7af6eec5cfeff4d0c530b5 2696 icu_4.8.1.1-13+nmu1.dsc
 4adce542ee1cb5298b91f4ca1a23990a8ae77429 22507 
icu_4.8.1.1-13+nmu1.debian.tar.gz
 901098ed3b51441515df4620b2b85857fe645071 1913418 
icu-doc_4.8.1.1-13+nmu1_all.deb
 10612759c9d61dc179f3a06654b82d3da82cd0c9 4739920 
libicu48_4.8.1.1-13+nmu1_amd64.deb
 8fb5b1809fb8b6c2fae9f2a083a9a0f25fd7e330 4702976 
libicu48-dbg_4.8.1.1-13+nmu1_amd64.deb
 a40d84e29f833ecf27c70cca06d7f2262a120a02 5580260 
libicu-dev_4.8.1.1-13+nmu1_amd64.deb
 1b0c8aa0477de32dd93652bbed9bed20e034eafa 164832 
icu-devtools_4.8.1.1-13+nmu1_amd64.deb
Checksums-Sha256: 
 3739bec292d3108a45b30ea9aa28e26c7b9c2bc9be66d4ea2a0603c052d8f147 2696 
icu_4.8.1.1-13+nmu1.dsc
 2ff3dd59c63f60a09afc530c43df85cbd0bce8f1a0e312c012f2a41ba874accd 22507 
icu_4.8.1.1-13+nmu1.debian.tar.gz
 c71dcc2392d3cc15d4f95c7ae437ff3c69fb39c298f439b9012995e3cfa7331a 1913418 
icu-doc_4.8.1.1-13+nmu1_all.deb
 18b3ff5e594c76d3e0c3046d0c2017af31e68d2af3c04a72ce9da1b15a976403 4739920 
libicu48_4.8.1.1-13+nmu1_amd64.deb
 01a4ef5b232b84a24392266945be8ccba869442c87bfa91c48e697de86e59d6b 4702976 
libicu48-dbg_4.8.1.1-13+nmu1_amd64.deb
 d60262c05a941272aa2e06d21c16c47cf6be11a4157284637d8bdc91c4c29d76 5580260 
libicu-dev_4.8.1.1-13+nmu1_amd64.deb
 e39a310d8c899284e51f1fa2712b2e99f85433ee3c12daa4f98c8e95bab933bf 164832 
icu-devtools_4.8.1.1-13+nmu1_amd64.deb
Files: 
 f72ca154a0fb07dbde6d35e8aead1d9f 2696 libs optional icu_4.8.1.1-13+nmu1.dsc
 f763daa4684679f8cd485867d8f209d3 22507 libs optional 
icu_4.8.1.1-13+nmu1.debian.tar.gz
 6da00bf66c89b6d2d3c5e1075b447ef1 1913418 doc optional 
icu-doc_4.8.1.1-13+nmu1_all.deb
 9020d812e9e0d4334452895ebc5f4cc3 4739920 libs optional 
libicu48_4.8.1.1-13+nmu1_amd64.deb
 cf09847d19336c5dd88be11864692422 4702976 debug extra 
libicu48-dbg_4.8.1.1-13+nmu1_amd64.deb
 4384f18077ba0d63151d912ec0ef3a7c 5580260 libdevel optional 
libicu-dev_4.8.1.1-13+nmu1_amd64.deb
 166dcdcce46bfe39384d04131ca0fb1c 164832 libdevel optional 
icu-devtools_4.8.1.1-13+nmu1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)

iQQcBAEBCgAGBQJSbJYMAAoJELjWss0C1vRzFHcf/3cd9QXYkzn3rpXNavyPpaNh
k6FU1eg5u575FkfE+tUwRPlY+gYkBxO1Mfpyu1awSteqhxpLaagsSDgD/xjqwqOF
0JneoJ000fqAhnkW1favyod86nMsuMBUFet0tXr3iYkOoXBnn5cua5DsHgStElte
WmPDKXiePQ2w8t9zK0MPwji9asVbhnXj/wKZkpmOLZDIjwB+uFH4CxW8P9VVOoQV
nfds6dESdOiTSDbOsaDwgeNI0BjRovGbybXbiTsDfAsbVl70D7FvqCiQBK4IPiA2
uG2vL7Nt98HXtZQ+ZAJmp/Sunv4DIoxa0hOwe+u3fy4Y2lNOjtQwdLAmJQQNpXEh
gEnNaWMPrv6udT80ZIjr3am127AjGx7yBfsGrdBTY1ilrHg2v1NRCJ7oPGd1piUj
pP39h9E7QQ9Rg4boqB8NJJqeeFX2sPGdsjQR78lR3cMrYoQ0am2FAjBzEYFnDBom
XsNfMpuuFdcRhTATPmD0mmbIf/aXfEFBWkyDjYmWamuv8Hm7bV9dCFdirK1QvH7i
PORsE0sT2ivjnyJ67HCAzWsBzM2jsIseYfpWfmG4jTexT0+/JZk1wu30FV1GK95v
LRMPeMEE+QOhii/2peZGHWCphzp1ihsN1D9n+GalAQWzNV9La7E2sNI4h38vg5HO
R88Gqs+Z0Iy2EfjgHVq2B4N9pYCaW1bIIjEF8KUg/WR5tPOuvhllYuRycVn0w1nJ
VcbR1r/OKTLfXdwav6ENPjX+UNW6jdUPwJHhPJqlMXEkGdu4ax+T0IuWQ1DoeJSL
d81BsJ28kG9b7bTxyxSG89SokJmy2QajaOV57zNYRPV+v6TZi4ZoB0aZDE4ReYsM
inZoqu/NXWHT5QUyT5xkJEEmRqT9N1/txo5kMUlEd0VTeVwJzpmWARrNCmvBq4ZM
ByiSWKEkEN+sKnXOi4HvyK9nUKJIAA/tRv86FuM8If3uid3KUvVaCifRyFrRJSsQ
dnL9b/eAOLV7tyDxd+zah8XQyASJ98rja5amkMU+XZaJE4pIr/bnVYgtQb7L+Xk/
Ws0qbPXJIin9JXFTLHYSvSCfZiRm+EduYdWShwsSeFcHcxB2VpxuIsfqEz09xiDm
LSsK1b/ij9HHu/dYWhjH8VBicU5S8lo9lwXQAjgg1BUXN3WXYSAQ0Mwnp2ipHczS
ZPa7AwRB/cHdHkXwFCEDc7zH1UJtCK3HXukeiy1ZptM8eTKAZLwKBZUuKzE6GmS5
ilOW0APWdFuosuII5+7krABVTkUjJqeXKoZlSVtPAi0fETR+L4oKDKtWlIX9RY99
v7i+0J/mLp5buHQx7Ly8+EnoyP8G5OTW1tb8f4M9S9vmNEI+Z0FA/A/cvphv1wQ=
=bsez
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to