[Secure-testing-team] Bug#838694: icu: CVE-2016-7415: Stack based buffer overflow in locid.cpp

Salvatore Bonaccorso carnil at debian.org
Fri Sep 23 17:26:28 UTC 2016


Source: icu
Version: 52.1-8
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for icu.

CVE-2016-7415[0]:
| Stack-based buffer overflow in the Locale class in common/locid.cpp in
| International Components for Unicode (ICU) through 57.1 for C/C++
| allows remote attackers to cause a denial of service (application
| crash) or possibly have unspecified other impact via a long locale
| string.

The PHP Project indicated in [1] that it was an underlying issue in
icu, and thus MITRE assigned CVE-2016-7415 for the ICU specific issue.
Could you bring this to upstream? Is there a ticket upstream already
filed about it, and if not can you please forward the issue?

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2016-7415
[1] https://bugs.php.net/bug.php?id=73007

Regards,
Salvatore
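As an added illustration (not ICU's code and not part of the report above), the defensive pattern that closes this class of bug: a Locale-style constructor that checks a locale id against its fixed-size stack buffer and rejects over-long input instead of overrunning it. `LOCALE_CAPACITY` is assumed to mirror ICU's `ULOC_FULLNAME_CAPACITY` (157); the function names are invented for the example.

```c
#include <stddef.h>
#include <string.h>

/* Assumption: same size as ICU's fixed ULOC_FULLNAME_CAPACITY buffer. */
#define LOCALE_CAPACITY 157

/* Copy a locale id into `out` (cap bytes), mapping '-' to '_'.
 * Returns 0 on success, -1 when the id plus NUL would not fit;
 * on failure `out` is an empty string and nothing past it is written. */
int copy_locale_bounded(const char *in, char *out, size_t cap)
{
    size_t n = strlen(in);
    if (cap == 0)
        return -1;
    if (n >= cap) {
        out[0] = '\0';
        return -1;                 /* reject instead of overflowing */
    }
    for (size_t i = 0; i < n; i++)
        out[i] = (in[i] == '-') ? '_' : in[i];
    out[n] = '\0';
    return 0;
}

/* Locale-style constructor with a fixed stack buffer: 1 if `id` was
 * accepted, 0 if it was rejected for being too long. */
int locale_fits(const char *id)
{
    char full[LOCALE_CAPACITY];
    return copy_locale_bounded(id, full, sizeof full) == 0;
}

/* 1 if normalising `id` into the fixed buffer yields exactly `expect`. */
int normalizes_to(const char *id, const char *expect)
{
    char full[LOCALE_CAPACITY];
    if (copy_locale_bounded(id, full, sizeof full) != 0)
        return 0;
    return strcmp(full, expect) == 0;
}

/* Constructed input: a locale id of `len` 'a' bytes (capped at 1023).
 * Returns 1 if locale_fits() rejects it, so the boundary can be probed safely. */
int long_locale_rejected(size_t len)
{
    char id[1024];
    if (len >= sizeof id)
        len = sizeof id - 1;
    memset(id, 'a', len);
    id[len] = '\0';
    return !locale_fits(id);
}
```

The boundary is exact: a 156-byte id fits (leaving room for the NUL) and a 157-byte id is refused, where an unchecked copy would have written past the buffer.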
