Discussion:
libicu security update
Nelson H. F. Beebe
2018-03-23 19:07:45 UTC
The debian-security-***@lists.debian.org list just had a posting
about a newly-fixed security flaw in the ICU library that is used by
one or more executables in the TeX Live distribution.

See

https://security-tracker.debian.org/tracker/source-package/icu

for links. Should TeX Live 2018 sources be updated to include the
fix?
...
-------------------------------------------------------------------------
https://www.debian.org/security/                       Moritz Muehlenhoff
March 23, 2018                        https://www.debian.org/security/faq
-------------------------------------------------------------------------

Package : icu
CVE ID : CVE-2017-15422

It was discovered that an integer overflow in the International
Components for Unicode (ICU) library could result in denial of service
and potentially the execution of arbitrary code.

For the oldstable distribution (jessie), this problem has been fixed
in version 52.1-8+deb8u7.

For the stable distribution (stretch), this problem has been fixed in
version 57.1-6+deb9u2.

We recommend that you upgrade your icu packages.

For the detailed security status of icu please refer to
https://security-tracker.debian.org/tracker/icu
...
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: ***@math.utah.edu -
- 155 S 1400 E RM 233 ***@acm.org ***@computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
Karl Berry
2018-03-23 22:15:57 UTC
https://security-tracker.debian.org/tracker/source-package/icu
CVE ID : CVE-2017-15422

nb> Should TeX Live 2018 sources be updated to include the fix?

I suppose. Thanks. Following the links, it seems the diffs are at
https://ssl.icu-project.org/trac/changeset/40654

Akira, if you have time, could you install the changes? Else I will get
to it in a couple of days. --thanks, karl.
Akira Kakuto
2018-03-23 22:40:13 UTC
Hi Karl,
Post by Karl Berry
> I suppose. Thanks. Following the links, it seems the diffs are at
> https://ssl.icu-project.org/trac/changeset/40654
> Akira, if you have time, could you install the changes? Else I will get
> to it in a couple of days. --thanks, karl.

OK. I'll do it today.

Thanks,
Akira
Akira Kakuto
2018-03-23 23:25:44 UTC
Hi Karl,
Post by Karl Berry
> I suppose. Thanks. Following the links, it seems the diffs are at
> https://ssl.icu-project.org/trac/changeset/40654
> Akira, if you have time, could you install the changes? Else I will get
> to it in a couple of days. --thanks, karl.

I think
changeset_40654.diff at
https://ssl.icu-project.org/trac/changeset/40654
is already applied in the TeX Live sources.
Sorry if I'm wrong.

Thanks,
Akira
