On Fri, Nov 25, 2016 at 7:01 PM, Salvatore Bonaccorso <car...@debian.org> wrote: > On Fri, Nov 18, 2016 at 06:38:57PM +0100, László Böszörményi wrote: > According to upstream this has been fixed in 58.1 upstream. The bug is > still not public, but this is as by > https://sites.google.com/site/icusite/security . Seen that some minutes ago - but still don't have any clue why ICU upstream keep the actual fixing commit secret. Will check commits one by one, the question is, if I find a suspected fix, may you or anyone else from the Security Team double check it?
Thanks, Laszlo/GCS