Layout Engine security fix for CVE-2013-5907

Description

The following fix was applied to ICU embedded in OpenJDK:

http://hg.openjdk.java.net/jdk7u/jdk7u/jdk/rev/9d29c19f1de1

The same fix seems applicable to the current ICU trunk, but isn't applied there yet. Is it unneeded for some less obvious reason, or just not committed yet?

Activity

Show:
TracBot
June 30, 2018, 11:59 PM
Trac Comment 6 by —2015-12-17T18:01:25.645Z

le_int32 store = (le_uint32)order;

signed/unsigned mismatch, please fix

TracBot
June 30, 2018, 11:59 PM
Trac Comment 1 by —2014-02-06T18:17:57.345Z

It is applicable and needs to be committed.

Fixed

Assignee

Steven R. Loomis

Reporter

TracBot

Components

Labels

None

Reviewer

None

Priority

major

Time Needed

Hours

Fix versions