[Secure-testing-team] Bug#878840: icu: CVE-2017-14952: Double free in i18n/zonemeta.cpp

Salvatore Bonaccorso carnil at debian.org
Tue Oct 17 04:34:20 UTC 2017


Source: icu
Version: 57.1-6
Severity: grave
Tags: patch security upstream

Hi,

the following vulnerability was published for icu.

CVE-2017-14952[0]:
| Double free in i18n/zonemeta.cpp in International Components for
| Unicode (ICU) for C/C++ through 59.1 allows remote attackers to
| execute arbitrary code via a crafted string, aka a "redundant UVector
| entry clean up function call" issue.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-14952
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952
[1] http://www.sourcebrella.com/blog/double-free-vulnerability-international-components-unicode-icu/
[2] https://ssl.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Please adjust the affected versions in the BTS as needed; unstable
seems to contain the issue, experimental not checked. Older versions
have also not been verified.

Regards,
Salvatore


