According to the Debian summary:
It was discovered that an integer overflow in the International Components for Unicode (ICU) library could result in denial of service and potentially the execution of arbitrary code.
Upstream bug (with patch) at 
*** This bug has been marked as a duplicate of bug 640334 ***
Sorry, this is not a duplicate. A tracker bug should have been created when initially reported. This is, however, fixed in the mentioned versions and stable in the tree.