[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 219-1] icu security update

Package        : icu
Version        : 4.4.1-8+squeeze3
CVE ID         : CVE-2013-1569 CVE-2013-2383 CVE-2013-2384 CVE-2013-2419
                 CVE-2014-6585 CVE-2014-6591 CVE-2014-7923 CVE-2014-7926
                 CVE-2014-7940 CVE-2014-9654

Several vulnerabilities were discovered in the International Components
for Unicode (ICU) library:

CVE-2013-1569

    Glyph table issue.

CVE-2013-2383

    Glyph table issue.

CVE-2013-2384

    Font layout issue.

CVE-2013-2419

    Font processing issue.

CVE-2014-6585

    Out-of-bounds read.

CVE-2014-6591

    Additional out-of-bounds reads.

CVE-2014-7923

    Memory corruption in regular expression comparison.

CVE-2014-7926

    Memory corruption in regular expression comparison.

CVE-2014-7940

    Uninitialized memory.

CVE-2014-9654

    More regular expression flaws.

For Debian 6 “Squeeze”, these issues have been fixed in icu version
4.4.1-8+squeeze3.

Attachment: signature.asc
Description: Digital signature

Reply to: