From Mitre entry: Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952 http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/ http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp The upstream fix applies and builds fine, unmodified, when applied to current stable dev-libs/icu-58.2-r1 via /etc/portage/patches.
Thank you(In reply to Eddie Chapman from comment #0) > > The upstream fix applies and builds fine, unmodified, when applied to > current stable dev-libs/icu-58.2-r1 via /etc/portage/patches. Thank you for reporting and testing. @Maintainers please confirm and call for stabilization when ready. Thank you
Fixed by the noted versions which are already stable in the tree.