Bug#1107856: bookworm-pu: package icu/72.1-3+deb12u1

To: Adrian Bunk <bunk@debian.org>, 1107856@bugs.debian.org
Cc: team@security.debian.org
Subject: Bug#1107856: bookworm-pu: package icu/72.1-3+deb12u1
From: Moritz Mühlenhoff <jmm@inutil.org>
Date: Sun, 22 Jun 2025 20:42:44 +0200
Message-id: <[🔎] aFhOpBkx88zG7vA-@pisco.westfalen.local>
Reply-to: Moritz Mühlenhoff <jmm@inutil.org>, 1107856@bugs.debian.org
In-reply-to: <[🔎] 175002857701.792445.12938157535897628053.reportbug@localhost>
References: <[🔎] 175002857701.792445.12938157535897628053.reportbug@localhost> <[🔎] 175002857701.792445.12938157535897628053.reportbug@localhost>

Am Mon, Jun 16, 2025 at 02:02:57AM +0300 schrieb Adrian Bunk:
> Package: release.debian.org
> Severity: normal
> Tags: bookworm moreinfo
> User: release.debian.org@packages.debian.org
> Usertags: pu
> X-Debbugs-Cc: icu@packages.debian.org, security@debian.org
> Control: affects -1 + src:icu
> 
>   * CVE-2025-5222: Stack-based buffer overflow (Closes: #1106684)
> 
> Tagged moreinfo, as question to the security team whether they want
> this in pu or as DSA.

We should fix this via bookworm-security. Thanks for preparing a debdiff!

The patch looks good, please build with -sa and upload to security-master

Cheers,
        Moritz

Reply to:

References:
- Bug#1107856: bookworm-pu: package icu/72.1-3+deb12u1
  - From: Adrian Bunk <bunk@debian.org>

Prev by Date: Bug#1108189: unblock: racket/8.16+dfsg1-3
Next by Date: Bug#1108193: apt: Ordering issue with libc6:i386 on amd64-m-a system breaks partial upgrade ("just apt and dpkg") from bookworm to trixie
Previous by thread: Bug#1107856: bookworm-pu: package icu/72.1-3+deb12u1
Next by thread: Bug#1107861: unblock: rtags/2.38-12, virtualenvwrapper-el/0.2.0-3
Index(es):
- Date
- Thread