Control: tags 892766 + upstream fixed-upstream

Hi Moritz, hi Laszlo,

On Mon, Mar 12, 2018 at 07:54:37PM +0100, Moritz Muehlenhoff wrote:
> Source: icu
> Severity: grave
> Tags: security
>
> Hi Laszlo,
> https://chromereleases.googleblog.com/2017/12/stable-channel-update-for-desktop.html
> refers to an ICU vulnerability, but there's little information what
> fixes/fixed that.
>
> Could you reach out to upstream whether they've been in touch with them so
> that we can pinpoint this to a specific task/commit?

The upstream issue is now accessible, at

https://bugs.chromium.org/p/chromium/issues/detail?id=774382

which refers to the integer overflow related to the Persian calendar
integer overflow, leading to oob read. The comment #16 indicates which
change fixed the bug:

https://bugs.chromium.org/p/chromium/issues/detail?id=774382#c16

which in turn would be integrated in the following upstream change:

https://ssl.icu-project.org/trac/changeset/40654

Regards,
Salvatore