OpenJDK and Oracle JDK embed ICU layout engine. Multiple fixes were applied to the code used in OpenJDK as part of the Oracle CPU Jul 2015:
Some of the fixes were rated as security vulnerability fixes:
other as hardening / defence in depth fixes:
There does not seem to be any real details available as Oracle refuses to provide any details about security fixes they do. These patches seem applicable to upstream ICU.