]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 9a74755) | patch
icu: CVE-2014-8146-CVE-2014-8147
authorSona Sarmadi <sona.sarmadi@enea.com>
Fri, 4 Sep 2015 10:51:00 +0000 (12:51 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 19 Sep 2015 10:52:55 +0000 (11:52 +0100)
commit1bc6391f65dec41ff0360b625b7a85a161e43955
tree29830a186d2fc00695436d9d22d13475cebd5ff5tree | snapshot
parent9a747554ba985970009a065f3403b94565e698e3commit | diff
icu: CVE-2014-8146-CVE-2014-8147

CVE-2014-8146 icu: heap overflow via incorrect isolateCount
CVE-2014-8147 icu: integer truncation in the resolveImplicitLevels function

References:
[1] https://github.com/pedrib/PoC/raw/master/generic/i-c-u-fail.7z
[2] https://www.kb.cert.org/vuls/id/602540
[3] http://bugs.icu-project.org/trac/changeset/37080
[4] http://bugs.icu-project.org/trac/changeset/37162

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-support/icu/icu/icu-CVE-2014-8146-CVE-2014-8147.patch [new file with mode: 0644] blob
meta/recipes-support/icu/icu_53.1.bb diff | blob | history
Mirror of the official openembedded-core repository