From ${URL} : It was found that uloc_acceptLanguageFromHTTP function in common/uloc.cpp does not ensure that there is a '\0' character at the end of a certain temporary array that leads to out of bounds access, possibly causing DoS. CVE assignment: http://seclists.org/oss-sec/2016/q3/137 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
This was fixed in v58.1 (see http://site.icu-project.org/security) which is available in Gentoo repository since https://gitweb.gentoo.org/repo/gentoo.git/commit/dev-libs/icu?id=b4293900b8325feb1be4ad127dd4823ed022985d Stabilization will happen in bug 594494.
*** Bug 601398 has been marked as a duplicate of this bug. ***
Cleanup done. Office out.
Had to revert the cleanup since it depends on bug 603792
Added to existing GLSA request. Cleanup will happen as part of bug 594494.
This issue was resolved and addressed in GLSA 201701-58 at https://security.gentoo.org/glsa/201701-58 by GLSA coordinator Aaron Bauman (b-man).
