dev-libs/icu-55.1 was released on 2015-04-01.
This also fixes two security issues, so changing this to be a security bug. Details in URL, CVEs are already assigned.
changing to A3 -> A2 because of possible code execution.
Guys, this is FIXED in 55.1, and this means the vulnerability is in <55.1. Please be careful when changing the titles...
Test-building 55.1 and revdeps locally.
Bumped as ~arch. Let's wait a few days to check for breakage and then stabilize.
Let's sync this with bug 547900 (libreoffice-4.4.3.2 stabilization) because of libreoffice-bin. In preparation.
Arches, please stabilize. Target: all stable arches (amd64 and x86 are handled in bug 547900). =dev-libs/icu-55.1
alpha stable
Stable for PPC64.
arm stable
Stable for HPPA.
CVE-2014-8147 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8147): The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.
CVE-2014-8146 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-8146): The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.
ia64 stable
sparc stable
ppc stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed. Maintainer(s), please drop the vulnerable version(s).
This issue was resolved and addressed in GLSA 201507-04 at https://security.gentoo.org/glsa/201507-04 by GLSA coordinator Mikle Kolyada (Zlogene).
Re-opening for Cleanup. Maintainer please drop version 54.1-r1 so we can close bug.
Maintainer(s), please drop the vulnerable version(s).
Maintainer(s), Thank you for cleanup.
Nothing to do here for office anymore