ICU: security fixes from Oracle Java CPU Jul 2015

Description

OpenJDK and Oracle JDK embed ICU layout engine. Multiple fixes were applied to the code used in OpenJDK as part of the Oracle CPU Jul 2015:

http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html#AppendixJAVA

Some of the fixes were rated as security vulnerability fixes:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/efc8652da937 (done)

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/3f9845510b47

other as hardening / defence in depth fixes:

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/1fa5fb9632e9

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/39f3f16bbc96

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/fe774848cbf9

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/b7d09522002b

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/2a6297d0ddf9

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/d1d6bc3d0218

http://hg.openjdk.java.net/jdk8u/jdk8u/jdk/rev/db834667e996

There does not seem to be any real details available as Oracle refuses to provide any details about security fixes they do. These patches seem applicable to upstream ICU.

Activity

Show:
TracBot
July 1, 2018, 12:05 AM
Trac Comment 2 by —2015-09-24T16:03:51.338Z
TracBot
July 1, 2018, 12:05 AM
Trac Comment 4 by —2016-02-03T18:25:16.540Z

Status: partially done

'''edit''' r38143 fixes CVE-2016-2632 according to http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-2632.html

TracBot
July 1, 2018, 12:06 AM
Trac Comment 6 by —2016-03-02T18:09:12.810Z

Fixed

Assignee

Steven R. Loomis

Reporter

TracBot

Components

Labels

None

Reviewer

None

Priority

assess

Time Needed

None

Fix versions