Summary: | <dev-libs/icu-65.1-r1: integer overflow in UnicodeString::doAppend() (CVE-2020-10531) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Stephan Hartmann (RETIRED) <sultan> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | office, sam |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html | ||
See Also: | https://github.com/gentoo/gentoo/pull/14779 | ||
Whiteboard: | A2 [glsa+ cve] | ||
Package list: | =dev-libs/icu-65.1-r1 | ||
Runtime testing required: | --- |
Bug Depends on: | |||
Bug Blocks: | 710760 |
Description
Stephan Hartmann (RETIRED)
2020-02-25 07:36:49 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=156d2bd5e79f0d331afc1ff82b565350fe5ea93c

commit 156d2bd5e79f0d331afc1ff82b565350fe5ea93c
Author: Stephan Hartmann <stha09@googlemail.com>
AuthorDate: 2020-02-26 11:15:01 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-02-26 11:49:08 +0000

dev-libs/icu: add patch to fix integer overflow

Bug: https://bugs.gentoo.org/710758
Package-Manager: Portage-2.3.84, Repoman-2.3.20
Signed-off-by: Stephan Hartmann <stha09@googlemail.com>
Closes: https://github.com/gentoo/gentoo/pull/14779
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

dev-libs/icu/files/icu-65.1-integer-overflow.patch | 118 +++++++++++++++++
dev-libs/icu/icu-65.1-r1.ebuild | 143 +++++++++++++++++++++
2 files changed, 261 insertions(+)

amd64 stable

x86 stable

sparc stable

s390 stable

ia64 stable

ppc64 stable

ppc stable

arm stable

arm64 stable

*** Bug 712284 has been marked as a duplicate of this bug. ***

New GLSA request created.

@ maintainer(s): Note that the ICU 66 (66.1) that was released this month does not include the fix for this issue. So please keep an eye on this when adding next version!

This issue was resolved and addressed in GLSA 202003-15 at https://security.gentoo.org/glsa/202003-15 by GLSA coordinator Thomas Deutschmann (whissi).

Re-opening for remaining architecture.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1792f28293cc855d2f1d35351909380f3c8c755d

commit 1792f28293cc855d2f1d35351909380f3c8c755d
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-03-15 12:03:37 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-03-15 13:31:55 +0000

dev-libs/icu: drop all keywords from 65.1 except hppa

Bug: https://bugs.gentoo.org/710758
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

dev-libs/icu/icu-65.1.ebuild | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

hppa stable

The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=1356ba4a3dca719b189546d13a3198673bc25129

commit 1356ba4a3dca719b189546d13a3198673bc25129
Author: Andreas Sturmlechner <asturm@gentoo.org>
AuthorDate: 2020-03-16 21:06:01 +0000
Commit: Andreas Sturmlechner <asturm@gentoo.org>
CommitDate: 2020-03-16 21:28:33 +0000

dev-libs/icu: Drop 65.1 (r0)

Closes: https://bugs.gentoo.org/710758
Package-Manager: Portage-2.3.94, Repoman-2.3.21
Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org>

dev-libs/icu/icu-65.1.ebuild | 142 -------------------------------------------
1 file changed, 142 deletions(-)