Layout Engine security fix for CVE-2013-5907
The following fix was applied to ICU embedded in OpenJDK:
The same fix seems applicable to the current ICU trunk, but isn't applied there yet. Is it unneeded for some less obvious reason, or just not committed yet?
Trac Comment 6 by —2015-12-17T18:01:25.645Z
le_int32 store = (le_uint32)order;
signed/unsigned mismatch, please fix
Trac Comment 1 by —2014-02-06T18:17:57.345Z
It is applicable and needs to be committed.