*** This bug is a security vulnerability *** Public security bug reported:
Date Reported: 19 Apr 2017 Security database references: In the Debian bugtracking system: 860314. In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868. More information: It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code. For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5. ** Affects: icu (Ubuntu) Importance: Undecided Status: New ** Information type changed from Public to Public Security ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7867 ** CVE added: http://www.cve.mitre.org/cgi- bin/cvename.cgi?name=2017-7868 ** Description changed: Date Reported: 19 Apr 2017 Security database references: - In the Debian bugtracking system: Bug 860314. + In the Debian bugtracking system: 860314. In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868. More information: It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code. For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5. ** Summary changed: - Security issues (solved in Debian) + Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to icu in Ubuntu. https://bugs.launchpad.net/bugs/1684298 Title: Security issues (solved in Debian) - affecting icu 52.1-3ubuntu0.5 trusty Status in icu package in Ubuntu: New Bug description: Date Reported: 19 Apr 2017 Security database references: In the Debian bugtracking system: 860314. In Mitre's CVE dictionary: CVE-2017-7867, CVE-2017-7868. More information: It was discovered that icu, the International Components for Unicode library, did not correctly validate its input. An attacker could use this problem to trigger an out-of-bound write through a heap-based buffer overflow, thus causing a denial of service via application crash, or potential execution of arbitrary code. For the stable distribution (jessie), these problems have been fixed in version 52.1-8+deb8u5. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/icu/+bug/1684298/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp