lp:ubuntu/dapper-updates/icu
- Get this branch:
- bzr branch lp:ubuntu/dapper-updates/icu
Recent revisions
- 9. By Marc Deslauriers
-
* SECURITY UPDATE: Cross-site scripting attack via invalid character
sequences (LP: #341834)
- debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
invalid character sequences. Also, add test case to
source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
- CVE-2008-1036
- 8. By Jamie Strandboge
-
* SECURITY UPDATE: possible read from and write to out of bounds memory
locations via back reference '\0' in regular expressions
* SECURITY UPDATE: denial of service due to memory exhaustion via a
crafted regular expression
* debian/patches/SECURITY_CVE-2007-4770_4771.patch: fix regexcmp.cpp to
return error on invalid back reference. fix rematch.cpp, uvectr32.h and
uvectr32.cpp to return error when capacity is greater than maxCapacity
* References
CVE-2007-4770
CVE-2007-4771
- 4. By Jay Berkenbilt <email address hidden>
-
Explicitly build with g++ 3.4. The current ICU fails its test suite
with 4.0 but not with 3.4. Future versions should work properly with
4.0.
- 2. By Yves Arrouye <email address hidden>
-
* Fixed a crash in uconv when no argument is passed to -f or -t.
* Other upstream changes.
* Fresh upload with an up to date orig tar file so that future
diffs won't be 6 megabytes long!
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/precise/icu