]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: d4b17e8) | patch
icu: CVE-2017-14952
authorOvidiu Panait <ovidiu.panait@windriver.com>
Fri, 10 Nov 2017 15:46:10 +0000 (17:46 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 21 Nov 2017 13:02:35 +0000 (13:02 +0000)
commit4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d
treea65a6bdac6374f7c376f4363603630c5492b8395tree | snapshot
parentd4b17e841b497f0ee4d31a8c967b5ce1b76157e4commit | diff
icu: CVE-2017-14952

Double free in i18n/zonemeta.cpp in International Components for Unicode
(ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary
code via a crafted string, aka a "redundant UVector entry clean up
function call" issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14952

Upstream patches:
http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
meta/recipes-support/icu/icu/CVE-2017-14952.patch [new file with mode: 0644] blob
meta/recipes-support/icu/icu_59.1.bb diff | blob | history
Mirror of the official openembedded-core repository