Security Information / 2015 / Security Information -- DSA-3360-1 icu

Debian Security Advisory

DSA-3360-1 icu -- security update

Date Reported:

15 Sep 2015

Affected Packages:

icu

Vulnerable:

Yes

Security database references:

In the Debian bugtracking system: Bug 798647.
In Mitre's CVE dictionary: CVE-2015-1270.

More information:

It was discovered that the International Components for Unicode (ICU) library mishandles converter names starting with x-, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.

For the stable distribution (jessie), this problem has been fixed in version 52.1-8+deb8u3.

For the testing distribution (stretch), this problem has been fixed in version 55.1-5.

For the unstable distribution (sid), this problem has been fixed in version 55.1-5.

We recommend that you upgrade your icu packages.