Summary: | <dev-libs/icu-51.2-r1 : Use-after-free vulnerability (CVE-2013-2924)
---|---
Product: | Gentoo Security
Reporter: | GLSAMaker/CVETool Bot <glsamaker>
Component: | Vulnerabilities
Assignee: | Gentoo Security <security>
Status: | RESOLVED FIXED
Severity: | normal
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
See Also: | https://bugzilla.redhat.com/show_bug.cgi?id=1015594 http://code.google.com/p/chromium/issues/detail?id=275803 http://bugs.debian.org/702346 http://bugs.icu-project.org/trac/ticket/10318
Whiteboard: | A3 [glsa]
Package list: |
Runtime testing required: | ---
Attachments: |

Description
GLSAMaker/CVETool Bot
2013-10-04 10:54:48 UTC
*** This bug has been marked as a duplicate of bug 486900 ***

*** Bug 486900 has been marked as a duplicate of this bug. ***

Created attachment 362224
changeset_34076.diff

Upstream patch to address the issue. Taken from http://bugs.icu-project.org/trac/changeset/34076

What's the plan here? If you want to fast-stabilize a newer version I'd like to know asap, since I have to re-build libreoffice-bin because of poppler anyway.

(In reply to Andreas K. Hüttel from comment #4)
> What's the plan here? If you want to fast-stabilize a newer version I'd like
> to know asap, since I have to re-build libreoffice-bin because of poppler
> anyway.

OK we're going with =dev-libs/icu-51.2-r1

Please do your security magic and have arches stabilize that.

Arches please security-stabilize =dev-libs/icu-51.2-r1

Target: all stable arches

amd64 stable

ppc stable

ppc64 stable

x86 stable

Current icu ebuild has wrong subslot and causes useless rebuild of libreoffice and several other packages: https://bugs.gentoo.org/show_bug.cgi?id=464876#c2

alpha stable

arm stable

Stable for HPPA.

sparc stable

I see dependency conflict with bibtexu with newly stabilized ebuild, https://bugs.gentoo.org/show_bug.cgi?id=490459

ia64 stable.

Maintainer(s), please cleanup. Security, please vote.

GLSA vote: yes

(In reply to Sergey Popov from comment #18)
> GLSA vote: yes

This is A. Please file the request or add to the existing.

GLSA Request Filed

All vulnerable versions removed from the tree.

This issue was resolved and addressed in GLSA 201402-14 at http://security.gentoo.org/glsa/glsa-201402-14.xml by GLSA coordinator Mikle Kolyada (Zlogene).