From red hat bugzilla at $URL: Common Vulnerabilities and Exposures assigned an identifier CVE-2012-5109 to the following vulnerability: The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression. References: [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5109 [2] http://googlechromereleases.blogspot.com/2012/10/stable-channel-update.html [3] https://code.google.com/p/chromium/issues/detail?id=148692 (private)
CVE-2012-5109 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-5109): The International Components for Unicode (ICU) functionality in Google Chrome before 22.0.1229.92 allows remote attackers to cause a denial of service (out-of-bounds read) via vectors related to a regular expression.
Red Hat bug mentioned in URL field now contains: "Upstream patch: http://bugs.icu-project.org/trac/changeset/29356" So bug #437834 was fixed since ICU 4.6.1.
(In reply to comment #2) > Red Hat bug mentioned in URL field now contains: > "Upstream patch: > http://bugs.icu-project.org/trac/changeset/29356" > > So bug #437834 was fixed since ICU 4.6.1. Thank you, Arfrever. GLSA vote: no. Not only would this lead to a client-side DoS, but ICU users should already be protected by applying the resolution in GLSA 201209-07.
Closing noglsa.
