Fixed
Details
Details
Assignee
Andy Heninger
Andy Heninger
Reporter
UnicodeBot
UnicodeBot
Components
Labels
Priority
majorTime Needed
Hours
Fix versions
Created June 28, 2018 at 5:23 PM
Updated October 3, 2018 at 10:54 PM
Resolved July 1, 2018 at 8:42 PM
There were a couple security issues fixed in the embedded icu code in openjdk, which doesn't appear to be applied in icu yet:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591
Redhat extracted the changes:
https://bugzilla.redhat.com/attachment.cgi?id=981489
https://bugzilla.redhat.com/attachment.cgi?id=981490
openjdk's icu is heavily patched, so the changes don't all apply cleanly.
Please consider adapting their fixes.