From ${URL} : An unspecified overlow vulnerability was fixed in ICU [1] and Chrome browser [2][3]. [1]: http://bugs.icu-project.org/trac/changeset/36801 [2]: https://code.google.com/p/chromium/issues/detail?id=432209 [3]: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Patch added to dev-libs/icu-53.1-r3 and dev-libs/icu-54.1-r1 Unfortunately the patch looks like it breaks ABI. So I've changed the subslot in each case (53 -> 53a, 54 -> 54a). Needs testing for a while and then a decision whether 53.1-r3 or 54.1-r1 goes stable. (54.1 was only just bumped a few days ago.)
(In reply to Andreas K. Hüttel from comment #1) > Needs testing for a while and then a decision whether 53.1-r3 or 54.1-r1 > goes stable. (54.1 was only just bumped a few days ago.) Looks good, so let's go immediately for dev-libs/icu-54.1-r1 Arches please stabilize Target: all stable arches =dev-libs/icu-54.1-r1 On amd64 and x86 this needs to be synchronized with bug 534684 (because of libreoffice-bin dependencies). This obsoletes bug 523164.
amd64 stable
x86 stable
Stable for HPPA.
sparc stable
arm stable
ppc64 stable
ppc stable
ia64 stable
alpha stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.
All vulnerable versions removed. Office out.
Arches and Maintainer(s), Thank you for your work. New GLSA Request filed.
This issue was resolved and addressed in GLSA 201503-06 at https://security.gentoo.org/glsa/201503-06 by GLSA coordinator Kristian Fiskerstrand (K_F).
