Bug#775968: marked as done (unblock: icu/52.1-7)

[owner@bugs.debian.org (Debian Bug Tracking System)]

Your message dated Thu, 22 Jan 2015 13:22:30 +0000
with message-id <20150122132230.GD29173@lupin.home.powdarrmonkey.net>
and subject line Re: Bug#775968: unblock: icu/52.1-7
has caused the Debian Bug report #775968,
regarding unblock: icu/52.1-7
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
775968: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775968
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

• To: Debian Bug Tracking System <submit@bugs.debian.org>
• Subject: unblock: icu/52.1-7
• From: Jay Berkenbilt <qjb@debian.org>
• Date: Wed, 21 Jan 2015 22:05:17 -0500
• Message-id: <[🔎] 20150121220517.0214520242.qww314159@soup.appiancorp.com>

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package icu

A small, localized fix to ICU fixes CVE-2014-6591 and CVE-2014-6585. ICU
passes its test suite after application of this patch. The security team
requested that this be included for Jessie. See
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884 for additional
details.

unblock icu/52.1-7

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru icu-52.1/debian/changelog icu-52.1/debian/changelog
--- icu-52.1/debian/changelog	2014-09-29 10:27:22.000000000 -0400
+++ icu-52.1/debian/changelog	2015-01-21 21:47:39.000000000 -0500
@@ -1,3 +1,10 @@
+icu (52.1-7) unstable; urgency=high
+
+  * Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug.
+    (Closes: #775884)
+
+ -- Jay Berkenbilt <qjb@debian.org>  Wed, 21 Jan 2015 21:33:19 -0500
+
 icu (52.1-6) unstable; urgency=medium
 
   * Ensure that only flags intended to be set by users make it into
diff -Nru icu-52.1/debian/patches/CVE-2014-6591.patch icu-52.1/debian/patches/CVE-2014-6591.patch
--- icu-52.1/debian/patches/CVE-2014-6591.patch	1969-12-31 19:00:00.000000000 -0500
+++ icu-52.1/debian/patches/CVE-2014-6591.patch	2015-01-21 21:47:39.000000000 -0500
@@ -0,0 +1,59 @@
+Description: fix ICU font parsing problem
+Bug-Debian: http://bugs.debian.org/775884
+Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591
+
+Index: icu/source/layout/CursiveAttachmentSubtables.cpp
+===================================================================
+--- icu.orig/source/layout/CursiveAttachmentSubtables.cpp
++++ icu/source/layout/CursiveAttachmentSubtables.cpp
+@@ -20,6 +20,9 @@ le_uint32 CursiveAttachmentSubtable::pro
+     le_int32  coverageIndex = getGlyphCoverage(base, glyphID, success);
+     le_uint16 eeCount       = SWAPW(entryExitCount);
+ 
++    LEReferenceToArrayOf<EntryExitRecord>
++        entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex);
++
+     if (coverageIndex < 0 || coverageIndex >= eeCount) {
+         glyphIterator->setCursiveGlyph();
+         return 0;
+Index: icu/source/layout/Features.cpp
+===================================================================
+--- icu.orig/source/layout/Features.cpp
++++ icu/source/layout/Features.cpp
+@@ -15,6 +15,9 @@ U_NAMESPACE_BEGIN
+ 
+ LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const
+ {
++    LEReferenceToArrayOf<FeatureRecord>
++        featureRecordArrayRef(base, success, featureRecordArray, featureIndex);
++
+   if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) {
+     return LEReferenceTo<FeatureTable>();
+   }
+Index: icu/source/layout/LigatureSubstSubtables.cpp
+===================================================================
+--- icu.orig/source/layout/LigatureSubstSubtables.cpp
++++ icu/source/layout/LigatureSubstSubtables.cpp
+@@ -27,6 +27,9 @@ le_uint32 LigatureSubstitutionSubtable::
+             Offset ligTableOffset = SWAPW(ligSetTable->ligatureTableOffsetArray[lig]);
+             const LigatureTable *ligTable = (const LigatureTable *) ((char *)ligSetTable + ligTableOffset);
+             le_uint16 compCount = SWAPW(ligTable->compCount) - 1;
++            LEReferenceToArrayOf<TTGlyphID>
++                componentArrayRef(base, success, ligTable->componentArray, compCount);
++            if (LE_FAILURE(success)) { return 0; }
+             le_int32 startPosition = glyphIterator->getCurrStreamPosition();
+             TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph);
+             le_uint16 comp;
+Index: icu/source/layout/MultipleSubstSubtables.cpp
+===================================================================
+--- icu.orig/source/layout/MultipleSubstSubtables.cpp
++++ icu/source/layout/MultipleSubstSubtables.cpp
+@@ -35,6 +35,8 @@ le_uint32 MultipleSubstitutionSubtable::
+ 
+     le_int32 coverageIndex = getGlyphCoverage(base, glyph, success);
+     le_uint16 seqCount = SWAPW(sequenceCount);
++    LEReferenceToArrayOf<Offset>
++        sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount);
+ 
+     if (coverageIndex >= 0 && coverageIndex < seqCount) {
+         Offset sequenceTableOffset = SWAPW(sequenceTableOffsetArray[coverageIndex]);
diff -Nru icu-52.1/debian/patches/series icu-52.1/debian/patches/series
--- icu-52.1/debian/patches/series	2014-09-29 10:27:22.000000000 -0400
+++ icu-52.1/debian/patches/series	2015-01-21 21:47:39.000000000 -0500
@@ -6,3 +6,4 @@
 mlym-crash.patch
 two-digit-year-test.patch
 icu-config.patch
+CVE-2014-6591.patch

--- End Message ---

--- Begin Message ---

• To: Jay Berkenbilt <qjb@debian.org>, 775968-done@bugs.debian.org
• Subject: Re: Bug#775968: unblock: icu/52.1-7
• From: Jonathan Wiltshire <jmw@debian.org>
• Date: Thu, 22 Jan 2015 13:22:30 +0000
• Message-id: <20150122132230.GD29173@lupin.home.powdarrmonkey.net>
• In-reply-to: <[🔎] 20150121220517.0214520242.qww314159@soup.appiancorp.com>
• References: <[🔎] 20150121220517.0214520242.qww314159@soup.appiancorp.com>

On Wed, Jan 21, 2015 at 10:05:17PM -0500, Jay Berkenbilt wrote:
> A small, localized fix to ICU fixes CVE-2014-6591 and CVE-2014-6585. ICU
> passes its test suite after application of this patch. The security team
> requested that this be included for Jessie. See
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884 for additional
> details.

Unblocked.

-- 
Jonathan Wiltshire                                      jmw@debian.org
Debian Developer                         http://people.debian.org/~jmw

4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC  74C3 5394 479D D352 4C51

Attachment: signature.asc
Description: Digital signature

--- End Message ---