Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 651370

Summary: <dev-libs/icu-{58.2-r1,60.2}: integer overflow (CVE-2017-15422)
Product: Gentoo Security Reporter: Ian Zimmerman <nobrowser>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED OBSOLETE    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: B2 [noglsa cve]
Package list:
Runtime testing required: ---

Description Ian Zimmerman 2018-03-24 17:49:08 UTC
According to the Debian summary [1]:

It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.

Upstream bug (with patch) at [2]

[1]
https://www.debian.org/security/2018/dsa-4150

[2]
https://ssl.icu-project.org/trac/changeset/40654
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2018-04-03 15:06:16 UTC

*** This bug has been marked as a duplicate of bug 640334 ***
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-03 15:22:08 UTC
Sorry, this is not a duplicate.  A tracker bug should have been created when initially reported.  This is, however, fixed in the mentioned versions and stable in the tree.