CVE-2013-2924 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-2924): Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
*** This bug has been marked as a duplicate of bug 486900 ***
*** Bug 486900 has been marked as a duplicate of this bug. ***
Created attachment 362224: changeset_34076.diff
Upstream patch to address the issue. Taken from http://bugs.icu-project.org/trac/changeset/34076
What's the plan here? If you want to fast-stabilize a newer version I'd like to know asap, since I have to re-build libreoffice-bin because of poppler anyway.
(In reply to Andreas K. Hüttel from comment #4)
> What's the plan here? If you want to fast-stabilize a newer version I'd like
> to know asap, since I have to re-build libreoffice-bin because of poppler
> anyway.
OK we're going with =dev-libs/icu-51.2-r1
Please do your security magic and have arches stabilize that.
Arches please security-stabilize =dev-libs/icu-51.2-r1
Target: all stable arches
amd64 stable
ppc stable
ppc64 stable
x86 stable
Current icu ebuild has wrong subslot and causes useless rebuild of libreoffice and several other packages: https://bugs.gentoo.org/show_bug.cgi?id=464876#c2
alpha stable
arm stable
Stable for HPPA.
sparc stable
I see a dependency conflict with bibtexu with the newly stabilized ebuild: https://bugs.gentoo.org/show_bug.cgi?id=490459
ia64 stable. Maintainer(s), please cleanup. Security, please vote.
GLSA vote: yes
(In reply to Sergey Popov from comment #18)
> GLSA vote: yes
This is A. Please file the request or add to the existing.
GLSA Request Filed
All vulnerable versions removed from the tree.
This issue was resolved and addressed in GLSA 201402-14 at http://security.gentoo.org/glsa/glsa-201402-14.xml by GLSA coordinator Mikle Kolyada (Zlogene).