layout: Continue ICU security fix checkins

Description

Got some but not all commits in the xref'ed tickets.
Finish as time permits…

Attachments

3

Activity

UnicodeBot 
June 30, 2018 at 11:35 PM

Trac Comment 6 by —2016-09-12T16:10:04.592Z

Layout engine has been removed from ICU 58.

UnicodeBot 
June 30, 2018 at 11:35 PM

Trac Comment 3.4 by —2016-07-07T16:12:03.647Z

Replying to (Comment 3 roberto@…):

Greetings. I have prepared patches for the Debian package of ICU 4.8.1.1 (in Wheezy, or the oldstable distribution, 7.11) that cover CVE-2015-2632, CVE-2015-4844, and CVE-2016-0494. They are based on specific commits to the OpenJDK upstream source. I would like to upload the patched ICU to Debian Wheezy in order to address the stated CVEs. Would it be possible for someone from upstream, who is more familiar with the inner workings of ICU, to review the patches?

The patches look good, with the caveat that the “signed overflow” in the compile options was unexpected and may need some evaluation before it would go into ICU itself. But if you want a +1, you've got it.

UnicodeBot 
June 30, 2018 at 11:35 PM

Trac Comment 3 by roberto@67437ae9a70aff56—2016-06-28T12:50:39.400Z

Greetings. I have prepared patches for the Debian package of ICU 4.8.1.1 (in Wheezy, or the oldstable distribution, 7.11) that cover CVE-2015-2632, CVE-2015-4844, and CVE-2016-0494. They are based on specific commits to the OpenJDK upstream source. I would like to upload the patched ICU to Debian Wheezy in order to address the stated CVEs. Would it be possible for someone from upstream, who is more familiar with the inner workings of ICU, to review the patches?

Won't Fix

Created June 28, 2018 at 5:25 PM
Updated July 2, 2018 at 2:32 AM
Resolved July 2, 2018 at 2:32 AM