Apache OpenOffice (AOO) Bugzilla – Issue 106904
ICU needs to be updated because of known security vulnerability
Last modified: 2017-05-20 11:42:03 UTC
http://www.debian.org/security/2009/dsa-1889 OOo is _NOT_ affected, but we don't want to ship the vulnerable version in newer releases.
ooo 3.2 (security)
Will upgrade ICU to 4.0.1 in CWS icuooo32. Further references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153 http://icu-project.org/download/4.0.html#ICU4C http://bugs.icu-project.org/trac/ticket/5691 OOo does not use the vulnerable character conversions.
In cws icuooo32: revision 277537 D icu/download/icu-4.0.tar.gz A icu/download/icu4c-4_0_1-src.tgz D icu/icu-4.0.patch A icu/icu4c-4_0_1-src.patch M icu/icuversion.mk M icu/makefile.mk
To QA.
Verified in CWS icuooo32.
*** Issue 104564 has been marked as a duplicate of this issue. ***