
Bug#880861: jessie-pu: package icu/52.1-8+deb8u6



Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

Hi OSRMs,

There's a security vulnerability[1] in ICU - International Components
for Unicode, which doesn't warrant a DSA. It's a one-line change and
would be good to have it for Jessie.

Thanks for considering,
Laszlo/GCS
[1] https://security-tracker.debian.org/tracker/CVE-2017-14952
diff -Nru icu-52.1/debian/changelog icu-52.1/debian/changelog
--- icu-52.1/debian/changelog	2017-04-17 08:41:59.000000000 +0000
+++ icu-52.1/debian/changelog	2017-10-24 17:28:29.000000000 +0000
@@ -1,3 +1,10 @@
+icu (52.1-8+deb8u6) jessie; urgency=high
+
+  * Backport upstream security fix for CVE-2017-14952: double free in
+    createMetazoneMappings() (closes: #878840).
+
+ -- Laszlo Boszormenyi (GCS) <gcs@debian.org>  Tue, 24 Oct 2017 17:28:29 +0000
+
 icu (52.1-8+deb8u5) jessie-security; urgency=high
 
   * Backport upstream security fix for CVE-2017-7867 and CVE-2017-7868,
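Review bot: The new 52.1-8+deb8u6 changelog entry names the CVE and the affected function but not the file being added. Listing debian/patches/CVE-2017-14952.patch in the bullet would let someone reading only the changelog find the change. The target moves from jessie-security in deb8u5 to jessie here, which matches the request text saying the issue does not warrant a DSA.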
diff -Nru icu-52.1/debian/patches/CVE-2017-14952.patch icu-52.1/debian/patches/CVE-2017-14952.patch
--- icu-52.1/debian/patches/CVE-2017-14952.patch	1970-01-01 00:00:00.000000000 +0000
+++ icu-52.1/debian/patches/CVE-2017-14952.patch	2017-10-24 17:28:29.000000000 +0000
@@ -0,0 +1,10 @@
+Index: source/i18n/zonemeta.cpp
+===================================================================
+--- a/source/i18n/zonemeta.cpp	(revision 40283)
++++ b/source/i18n/zonemeta.cpp	(revision 40324)
+@@ -686,5 +686,4 @@
+                     if (U_FAILURE(status)) {
+                         delete mzMappings;
+-                        deleteOlsonToMetaMappingEntry(entry);
+                         uprv_free(entry);
+                         break;
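Review bot: The added CVE-2017-14952.patch has no header beyond the "Index:" line and the upstream revision numbers (40283 and 40324), so nothing in the file records why the removed deleteOlsonToMetaMappingEntry(entry) call is unsafe next to the uprv_free(entry) that stays. A short DEP-3 style header (Description, Origin pointing at the upstream revision, Bug-Debian for #878840) would make the patch self-explanatory. The inner hunk header still carries the upstream offset (@@ -686,5 +686,4 @@), so it is worth confirming that it applies to the 52.1 source without fuzz.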
diff -Nru icu-52.1/debian/patches/series icu-52.1/debian/patches/series
--- icu-52.1/debian/patches/series	2017-04-17 08:41:59.000000000 +0000
+++ icu-52.1/debian/patches/series	2017-10-24 17:28:29.000000000 +0000
@@ -24,3 +24,4 @@
 CVE-2016-6293.patch  
 CVE-2016-7415.patch
 CVE-2017-7867_CVE-2017-7868.patch
+CVE-2017-14952.patch
