Summary: | <dev-libs/icu-4.6.1: out-of-bounds read via vectors related to a regular expression (CVE-2012-5109) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | arfrever.fta, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://bugzilla.redhat.com/show_bug.cgi?id=864538 | ||
Whiteboard: | B3 [noglsa] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2012-10-10 13:14:42 UTC
CVE-2012-5109 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5109): The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.

Red Hat bug mentioned in URL field now contains:
"Upstream patch: http://bugs.icu-project.org/trac/changeset/29356"

So bug #437834 was fixed since ICU 4.6.1.

(In reply to comment #2)
> Red Hat bug mentioned in URL field now contains:
> "Upstream patch:
> http://bugs.icu-project.org/trac/changeset/29356"
>
> So bug #437834 was fixed since ICU 4.6.1.

Thank you, Arfrever. GLSA vote: no.

Not only would this lead to a client-side DoS, but ICU users should already be protected by applying the resolution in GLSA 201209-07. Closing noglsa.