Your message dated Thu, 22 Jan 2015 13:22:30 +0000 with message-id <20150122132230.GD29173@lupin.home.powdarrmonkey.net> and subject line Re: Bug#775968: unblock: icu/52.1-7 has caused the Debian Bug report #775968, regarding unblock: icu/52.1-7 to be marked as done.

This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.)

--
775968: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775968
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: unblock: icu/52.1-7
- From: Jay Berkenbilt <qjb@debian.org>
- Date: Wed, 21 Jan 2015 22:05:17 -0500
- Message-id: <20150121220517.0214520242.qww314159@soup.appiancorp.com>
Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package icu

A small, localized fix to ICU fixes CVE-2014-6591 and CVE-2014-6585. ICU passes its test suite after application of this patch. The security team requested that this be included for Jessie. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884 for additional details.

unblock icu/52.1-7

-- System Information:
Debian Release: jessie/sid
APT prefers unstable
APT policy: (500, 'unstable'), (200, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

diff -Nru icu-52.1/debian/changelog icu-52.1/debian/changelog --- icu-52.1/debian/changelog 2014-09-29 10:27:22.000000000 -0400 +++ icu-52.1/debian/changelog 2015-01-21 21:47:39.000000000 -0500 @@ -1,3 +1,10 @@ +icu (52.1-7) unstable; urgency=high + + * Patch to CVE-2014-6591, CVE-2014-6585 a font parsing bug. + (Closes: #775884) + + -- Jay Berkenbilt <qjb@debian.org> Wed, 21 Jan 2015 21:33:19 -0500 + icu (52.1-6) unstable; urgency=medium * Ensure that only flags intended to be set by users make it into diff -Nru icu-52.1/debian/patches/CVE-2014-6591.patch icu-52.1/debian/patches/CVE-2014-6591.patch --- icu-52.1/debian/patches/CVE-2014-6591.patch 1969-12-31 19:00:00.000000000 -0500 +++ icu-52.1/debian/patches/CVE-2014-6591.patch 2015-01-21 21:47:39.000000000 -0500 
@@ -0,0 +1,59 @@ +Description: fix ICU font parsing problem +Bug-Debian: http://bugs.debian.org/775884 +Bug-RedHat: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591 + +Index: icu/source/layout/CursiveAttachmentSubtables.cpp +=================================================================== +--- icu.orig/source/layout/CursiveAttachmentSubtables.cpp ++++ icu/source/layout/CursiveAttachmentSubtables.cpp +@@ -20,6 +20,9 @@ le_uint32 CursiveAttachmentSubtable::pro + le_int32 coverageIndex = getGlyphCoverage(base, glyphID, success); + le_uint16 eeCount = SWAPW(entryExitCount); + ++ LEReferenceToArrayOf<EntryExitRecord> ++ entryExitRecordsArrayRef(base, success, entryExitRecords, coverageIndex); ++ + if (coverageIndex < 0 || coverageIndex >= eeCount) { + glyphIterator->setCursiveGlyph(); + return 0; +Index: icu/source/layout/Features.cpp +=================================================================== +--- icu.orig/source/layout/Features.cpp ++++ icu/source/layout/Features.cpp +@@ -15,6 +15,9 @@ U_NAMESPACE_BEGIN + + LEReferenceTo<FeatureTable> FeatureListTable::getFeatureTable(const LETableReference &base, le_uint16 featureIndex, LETag *featureTag, LEErrorCode &success) const + { ++ LEReferenceToArrayOf<FeatureRecord> ++ featureRecordArrayRef(base, success, featureRecordArray, featureIndex); ++ + if (featureIndex >= SWAPW(featureCount) || LE_FAILURE(success)) { + return LEReferenceTo<FeatureTable>(); + } +Index: icu/source/layout/LigatureSubstSubtables.cpp +=================================================================== +--- icu.orig/source/layout/LigatureSubstSubtables.cpp ++++ icu/source/layout/LigatureSubstSubtables.cpp +@@ -27,6 +27,9 @@ le_uint32 LigatureSubstitutionSubtable:: + Offset ligTableOffset = SWAPW(ligSetTable->ligatureTableOffsetArray[lig]); + const LigatureTable *ligTable = (const LigatureTable *) ((char *)ligSetTable + ligTableOffset); + le_uint16 compCount = SWAPW(ligTable->compCount) - 1; ++ LEReferenceToArrayOf<TTGlyphID> ++ 
componentArrayRef(base, success, ligTable->componentArray, compCount); ++ if (LE_FAILURE(success)) { return 0; } + le_int32 startPosition = glyphIterator->getCurrStreamPosition(); + TTGlyphID ligGlyph = SWAPW(ligTable->ligGlyph); + le_uint16 comp; +Index: icu/source/layout/MultipleSubstSubtables.cpp +=================================================================== +--- icu.orig/source/layout/MultipleSubstSubtables.cpp ++++ icu/source/layout/MultipleSubstSubtables.cpp +@@ -35,6 +35,8 @@ le_uint32 MultipleSubstitutionSubtable:: + + le_int32 coverageIndex = getGlyphCoverage(base, glyph, success); + le_uint16 seqCount = SWAPW(sequenceCount); ++ LEReferenceToArrayOf<Offset> ++ sequenceTableOffsetArrayRef(base, success, sequenceTableOffsetArray, seqCount); + + if (coverageIndex >= 0 && coverageIndex < seqCount) { + Offset sequenceTableOffset = SWAPW(sequenceTableOffsetArray[coverageIndex]); diff -Nru icu-52.1/debian/patches/series icu-52.1/debian/patches/series --- icu-52.1/debian/patches/series 2014-09-29 10:27:22.000000000 -0400 +++ icu-52.1/debian/patches/series 2015-01-21 21:47:39.000000000 -0500 @@ -6,3 +6,4 @@ mlym-crash.patch two-digit-year-test.patch icu-config.patch +CVE-2014-6591.patch
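Review bot: the header of debian/patches/CVE-2014-6591.patch documents only one of the two CVEs. The changelog entry says the upload addresses CVE-2014-6591 and CVE-2014-6585, but the patch's Description and Bug-RedHat fields and its file name mention only CVE-2014-6591. Suggest naming both CVEs in the Description field so the patch can be traced from either identifier.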
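Review bot: in the CursiveAttachmentSubtables.cpp hunk, `entryExitRecordsArrayRef` is constructed with `coverageIndex` as its last argument before the existing `coverageIndex < 0 || coverageIndex >= eeCount` test runs, so a negative `coverageIndex` reaches the constructor unchecked. If that argument is an element count, as the `compCount` and `seqCount` calls in the later hunks suggest, a range sized by the index also stops one short of element `coverageIndex`. Suggest passing `eeCount` and adding `|| LE_FAILURE(success)` to the condition below, which as shown never looks at `success`.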
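Review bot: in the Features.cpp hunk, `featureRecordArrayRef` is sized by `featureIndex` rather than by the table's own count, and it is built before `featureIndex >= SWAPW(featureCount)` is tested. If the last argument is an element count, the checked range does not include the record at `featureIndex` that the function goes on to use. Suggest constructing it with `SWAPW(featureCount)`; the existing `LE_FAILURE(success)` term in the condition then covers a failed construction.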
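Review bot: in the LigatureSubstSubtables.cpp hunk, the new check comes after the untrusted data has already been dereferenced. `ligTable` is still produced by raw pointer arithmetic from `ligSetTable + ligTableOffset`, and `SWAPW(ligTable->compCount)` is read on the line above the added `componentArrayRef`, so that read is not covered by the new bounds reference. Separately, `SWAPW(ligTable->compCount) - 1` stored in an `le_uint16` wraps to 0xFFFF when the stored count is 0. Suggest validating `ligTable` against `base` before reading `compCount`, and rejecting a zero count explicitly rather than relying on the array reference to fail.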
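Review bot: in the MultipleSubstSubtables.cpp hunk, nothing visible tests `success` after `sequenceTableOffsetArrayRef` is constructed, and the last context line still reads `sequenceTableOffsetArray[coverageIndex]` through the raw member instead of the new reference. As written, a failed bounds check does not stop the access. Suggest bailing out on `LE_FAILURE(success)` as the LigatureSubstSubtables.cpp hunk does, or adding that test to the `coverageIndex >= 0 && coverageIndex < seqCount` condition.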
--- End Message ---
--- Begin Message ---
- To: Jay Berkenbilt <qjb@debian.org>, 775968-done@bugs.debian.org
- Subject: Re: Bug#775968: unblock: icu/52.1-7
- From: Jonathan Wiltshire <jmw@debian.org>
- Date: Thu, 22 Jan 2015 13:22:30 +0000
- Message-id: <20150122132230.GD29173@lupin.home.powdarrmonkey.net>
- In-reply-to: <20150121220517.0214520242.qww314159@soup.appiancorp.com>
- References: <20150121220517.0214520242.qww314159@soup.appiancorp.com>
On Wed, Jan 21, 2015 at 10:05:17PM -0500, Jay Berkenbilt wrote:
> A small, localized fix to ICU fixes CVE-2014-6591 and CVE-2014-6585. ICU
> passes its test suite after application of this patch. The security team
> requested that this be included for Jessie. See
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775884 for additional
> details.

Unblocked.

--
Jonathan Wiltshire jmw@debian.org
Debian Developer http://people.debian.org/~jmw
4096R: 0xD3524C51 / 0A55 B7C5 1223 3942 86EC 74C3 5394 479D D352 4C51
--- End Message ---