Debian-LTS alert DLA-283-1 (icu)


From:
    	       Santiago Ruano Rincón <santiagorr@riseup.net> 
To:
    	       debian-lts-announce@lists.debian.org 
Subject:
    	       [SECURITY] [DLA 283-1] icu security update 
Date:
    	       Tue, 28 Jul 2015 15:23:29 +0200
Message-ID:
    	       <20150728132329.GA28369@nomada>
Package        : icu
Version        : 4.4.1-8+squeeze4
CVE ID         : CVE-2015-4760

A vulnerability has been found in the International Components
for Unicode (ICU) library:

CVE-2015-4760

    It was discovered that ICU Layout Engine was missing multiple
    boundary checks. These could lead to buffer overflows and memory
    corruption. A specially crafted file could cause an application
    using ICU to parse untrusted font files to crash and, possibly,
    execute arbitrary code.

For the squeeze distribution, these issues have been fixed in version
4.4.1-8+squeeze4 of icu.

We recommend to upgrade your icu packages.

From:		Santiago Ruano Rincón <santiagorr@riseup.net>
To:		debian-lts-announce@lists.debian.org
Subject:		[SECURITY] [DLA 283-1] icu security update
Date:		Tue, 28 Jul 2015 15:23:29 +0200
Message-ID:		<20150728132329.GA28369@nomada>