Use-after-free vulnerability in International Components for Unicode (ICU),
as used in Google Chrome before 30.0.1599.66 and other products, allows
remote attackers to cause a denial of service or possibly have unspecified
other impact via unknown vectors.
*** This bug has been marked as a duplicate of bug 486900 ***
*** Bug 486900 has been marked as a duplicate of this bug. ***
Created attachment 362224 [details, diff]
Upstream patch to address the issue. Taken from
What's the plan here? If you want to fast-stabilize a newer version I'd like to know asap, since I have to re-build libreoffice-bin because of poppler anyway.
(In reply to Andreas K. Hüttel from comment #4)
> What's the plan here? If you want to fast-stabilize a newer version I'd like
> to know asap, since I have to re-build libreoffice-bin because of poppler
OK we're going with =dev-libs/icu-51.2-r1
Please do your security magic and have arches stabilize that.
Arches please security-stabilize
Target: all stable arches
Current icu ebuild has wrong subslot and causes useless rebuild of libreoffice and several other packages:
Stable for HPPA.
I see depency conflict with bibtexu with newly stabilized ebuild, https://bugs.gentoo.org/show_bug.cgi?id=490459
Maintainer(s), please cleanup.
Security, please vote.
GLSA vote: yes
(In reply to Sergey Popov from comment #18)
> GLSA vote: yes
This is A. Please file the request or add to the existing.
GLSA Request Filed
All vulnerable versions removed from the tree.
This issue was resolved and addressed in
GLSA 201402-14 at http://security.gentoo.org/glsa/glsa-201402-14.xml
by GLSA coordinator Mikle Kolyada (Zlogene).