layout: Continue ICU security fix checkins

Description

Got some but not all commits in the xref'ed tickets.
Finish as time permits…

Activity

TracBot
June 30, 2018, 11:35 PM
Trac Comment 3 by roberto@67437ae9a70aff56—2016-06-28T12:50:39.400Z

Greetings. I have prepared patches for the Debian package of ICU 4.8.1.1 (in Wheezy, or the oldstable distribution, 7.11) that cover CVE-2015-2632, CVE-2015-4844, and CVE-2016-0494. They are based on specific commits to the OpenJDK upstream source. I would like to upload the patched ICU to Debian Wheezy in order to address the stated CVEs. Would it be possible for someone from upstream, who is more familiar with the inner workings of ICU, to review the patches?

TracBot
June 30, 2018, 11:35 PM
Trac Comment 3.4 by —2016-07-07T16:12:03.647Z

Replying to (Comment 3 roberto@…):

Greetings. I have prepared patches for the Debian package of ICU 4.8.1.1 (in Wheezy, or the oldstable distribution, 7.11) that cover CVE-2015-2632, CVE-2015-4844, and CVE-2016-0494. They are based on specific commits to the OpenJDK upstream source. I would like to upload the patched ICU to Debian Wheezy in order to address the stated CVEs. Would it be possible for someone from upstream, who is more familiar with the inner workings of ICU, to review the patches?

The patches look good, with the caveat that the “signed overflow” in the compile options was unexpected and may need some evaluation before it would go into ICU itself. But if you want a +1, you've got it.

TracBot
June 30, 2018, 11:35 PM
Trac Comment 6 by —2016-09-12T16:10:04.592Z

Layout engine has been removed from ICU 58.

Assignee

Steven R. Loomis

Reporter

Steven R. Loomis

Components

Labels

Reviewer

None

Priority

minor

Time Needed

None

Fix versions
