Debian Security Advisory

DSA-5014-1 icu -- security update

Date Reported:
28 Nov 2021
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2020-21913.
More information:

Rongxin Wu discovered a use-after-free vulnerability in the International Components for Unicode (ICU) library which could result in denial of service or potentially the execution of arbitrary code.

For the oldstable distribution (buster), this problem has been fixed in version 63.1-6+deb10u2.

We recommend that you upgrade your icu packages.

For the detailed security status of icu please refer to its security tracker page at: