]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 6264b4a) | patch
icu: CVE-2017-14952
authorOvidiu Panait <ovidiu.panait@windriver.com>
Fri, 10 Nov 2017 15:46:10 +0000 (17:46 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 4 Dec 2017 17:14:33 +0000 (17:14 +0000)
commit16006869e30395dd758a1797e324567ec4f8e074
tree62f1afda3c1c1af49c7b2310a09ac32b982123batree | snapshot
parent6264b4afe6962d37eeb918e062568dee811ef231commit | diff
icu: CVE-2017-14952

Double free in i18n/zonemeta.cpp in International Components for Unicode
(ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary
code via a crafted string, aka a "redundant UVector entry clean up
function call" issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14952

Upstream patches:
http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-support/icu/icu/CVE-2017-14952.patch [new file with mode: 0644] blob
meta/recipes-support/icu/icu_59.1.bb diff | blob | history
Mirror of the official openembedded-core repository