Your message dated Thu, 22 Jan 2015 03:19:07 +0000
with message-id <[email protected]>
and subject line Bug#775884: fixed in icu 52.1-7
has caused the Debian Bug report #775884,
regarding CVE-2014-6591 CVE-2014-6585
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
775884: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: icu
Severity: important
Tags: security
Hi,
the issue CVE-2014-6585 from today's Oracle patch update
(http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html)
is actually a vulnerability in ICU (since Java embeds a copy). Red Hat
has tracked this down further and isolated the patch, please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591 for more
details. The patch isn't in ICU trunk yet, so please forward it
upstream unless they are not aware of it yet. It would be nice to
get that fixed in jessie.
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: icu
Source-Version: 52.1-7
We believe that the bug you reported is fixed in the latest version of
icu, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Jay Berkenbilt <[email protected]> (supplier of updated icu package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Wed, 21 Jan 2015 21:33:19 -0500
Source: icu
Binary: libicu52 libicu52-dbg libicu-dev icu-devtools icu-doc
Architecture: source all amd64
Version: 52.1-7
Distribution: unstable
Urgency: high
Maintainer: Jay Berkenbilt <[email protected]>
Changed-By: Jay Berkenbilt <[email protected]>
Description:
icu-devtools - Development utilities for International Components for Unicode
icu-doc - API documentation for ICU classes and functions
libicu-dev - Development files for International Components for Unicode
libicu52 - International Components for Unicode
libicu52-dbg - International Components for Unicode
Closes: 775884
Changes:
icu (52.1-7) unstable; urgency=high
.
* Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
(Closes: #775884)
Checksums-Sha1:
f0dbba05eba9721ec04f84db8f2b4f0f420b4ae7 1961 icu_52.1-7.dsc
456fb0b7a0554d8615b4ee50c16e174df4aa84b1 18704 icu_52.1-7.debian.tar.xz
29ad699707fbcb4b440f37104f408403c799783c 2544878 icu-doc_52.1-7_all.deb
c6877486f88dca5f3cd992b56ada303323363179 6786760 libicu52_52.1-7_amd64.deb
6be8fca98afab80da9f50d123d6888ebab0fe25d 5930950 libicu52-dbg_52.1-7_amd64.deb
ee2152ef4bc8223dbcca2693a4bf24ceef459b99 7633224 libicu-dev_52.1-7_amd64.deb
8b990b0b82059d0d58422e9c0952ec341fab1ef2 171456 icu-devtools_52.1-7_amd64.deb
Checksums-Sha256:
e469ce5c2b1ccdcde9df886199133e3b524e2bfaeb86bed82656eef50a563c2e 1961
icu_52.1-7.dsc
fedb8bcab4e66eb28516bac931f31c806d26358629253fb2bb4966ad24776b7b 18704
icu_52.1-7.debian.tar.xz
9670a9ca1030c397b7d1c2ef96529cbc97a18abe6e523529ca8f21624936b378 2544878
icu-doc_52.1-7_all.deb
d4486ede8530ec157f5c45a1c447a64742c08e0e6d54d9cf70e37fd1b4395991 6786760
libicu52_52.1-7_amd64.deb
aaa26a4d43a2545da51119c7db21813736e8141982a452051c071df2bb2f74c5 5930950
libicu52-dbg_52.1-7_amd64.deb
33a24a15ecc1b26bd771ab5accdee82153c0af4c415f1a1ceed93175822267fa 7633224
libicu-dev_52.1-7_amd64.deb
ed1b3bb171411104d5e76d898ac995fcdb48e71260879693c6859815a6b90416 171456
icu-devtools_52.1-7_amd64.deb
Files:
b7d645f747ea08e6f3dd971581062c65 1961 libs optional icu_52.1-7.dsc
aaf13afa697a88bfe9e07e539a6c14cc 18704 libs optional icu_52.1-7.debian.tar.xz
0341ec919f2c74059cd1ad9bdd4b0acc 2544878 doc optional icu-doc_52.1-7_all.deb
3d21073f4e9ca7d0fe9d435d8496bebd 6786760 libs optional
libicu52_52.1-7_amd64.deb
6d49a8d7e9fb32f7591488a84f194187 5930950 debug extra
libicu52-dbg_52.1-7_amd64.deb
20992ab90ad45251b54dc619a4acca10 7633224 libdevel optional
libicu-dev_52.1-7_amd64.deb
c64aa2216b86cf711767443527d7ce50 171456 libdevel optional
icu-devtools_52.1-7_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBAgAGBQJUwGi+AAoJEIp10QmYASx+8HkQALBUSHt2IcdfOt5N9CM0/JRx
y8bg6HxtKts9saGtf2IPrcBDu9DqhebgwPaXgH5zPi7nJK5D8H0UpX9H9Q+c86qU
Dims+NIBVSqHtvfhafidmg710jdJ4DBhrHITDHhR6tQBuLXoLZXqturGutXQhCpY
KUaNmGb3DEd2nr+sq6v90CJPFwwxpbLZWtHsVq8moMvFg4eVIhjgcYAfzFqaoJSv
RbIKf6WtvsPQ0oPIsqHs5omQeh5o36keRll4i1S1J9JU1hr3z4W0BGVdyUh7rPdz
2zlmBx1WPJoLSa8aqx12md5uM4NhWF4pvve/4BWVziRzT8ubleKtOUhDvfNViPHP
hBskjbWU+o7w1tEmtW4++4NY0JmVOxYaMBiTME0GpjNC8UchaikyTeAxUXbjcjYV
luA9BFRa6gSYv3MexF53R0AGPwTKKC2kavYs0PKJJhwjbvZtpuLjHTJLU9Aq5a2p
Tj8Icnf7hqmEw6jhOxUJUPP3tQ+EvRSTWzJmH5Rej+mTDWgQi9+g45TDLk7d95Yh
h4cGN5RVlKpMYy9i4C1FyQlVZJ0WsEsL+aZA/oa5Axi3dswKnWZQM2nsRJKD+jHS
xldJb+Xu9l8FD1Mr59kIMdlweZHdzUEMYH7EhibihBmpTtkEbOyESAR47k7balm2
6k9AIfv+n3EMstlDeGe7
=4IMU
-----END PGP SIGNATURE-----
--- End Message ---