[Secure-testing-team] Bug#702346: icu: CVE-2013-0900
Moritz Muehlenhoff
jmm at inutil.org
Tue Mar 5 14:43:11 UTC 2013
Package: icu
Severity: grave
Tags: security
Justification: user security hole
Hi Jay,
Google fixed a security issue in icu, which is embedded in Chrome:
http://googlechromereleases.blogspot.de/2013/02/stable-channel-update_21.html
| [152442] Medium CVE-2013-0900: Race condition in ICU. Credit to Google Chrome Security Team (Inferno).
I contact the Google Chrome Security Team and they pointed me to the following
upstream bug (which is private ATM, but maybe you have access?):
http://bugs.icu-project.org/trac/ticket/9737
They also send me links to the upstream fixes:
http://bugs.icu-project.org/trac/changeset/32865
http://bugs.icu-project.org/trac/changeset/32908
Cheers,
Moritz
More information about the Secure-testing-team
mailing list