Issue 106904 - ICU needs to be updated because of known security vulnerability
Summary: ICU needs to be updated because of known security vulnerability
Status: CLOSED FIXED
Alias: None
Product: Internationalization
Classification: Code
Component: code
Version: OOO320m4
Hardware: All All
Importance: P3 Trivial
Target Milestone: ---
Assignee: stefan.baltzer
QA Contact: issues@l10n
URL:
Keywords:
Duplicates: 104564
Depends on:
Blocks: 99999 104564
Reported: 2009-11-13 15:28 UTC by malte_timmermann
Modified: 2017-05-20 11:42 UTC

See Also:
Issue Type: DEFECT
Latest Confirmation in: ---
Developer Difficulty: ---


Description malte_timmermann 2009-11-13 15:28:56 UTC
http://www.debian.org/security/2009/dsa-1889 
OOo is _NOT_ affected, but we don't want to ship the vulnerable version in newer
releases.
Comment 1 malte_timmermann 2009-11-13 15:29:48 UTC
ooo 3.2 (security)
Comment 2 ooo 2009-11-16 13:11:05 UTC
Will upgrade ICU to 4.0.1 in CWS icuooo32.

Further references:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153
http://icu-project.org/download/4.0.html#ICU4C
http://bugs.icu-project.org/trac/ticket/5691

OOo does not use the vulnerable character conversions.
Comment 3 ooo 2009-11-17 15:15:38 UTC
In cws icuooo32:

revision 277537
D icu/download/icu-4.0.tar.gz
A icu/download/icu4c-4_0_1-src.tgz
D icu/icu-4.0.patch
A icu/icu4c-4_0_1-src.patch
M icu/icuversion.mk
M icu/makefile.mk
Comment 4 ooo 2009-11-30 12:52:24 UTC
To QA.
Comment 5 stefan.baltzer 2009-11-30 13:09:26 UTC
Verified in CWS icuooo32.
Comment 6 hdu@apache.org 2010-08-17 11:31:13 UTC
*** Issue 104564 has been marked as a duplicate of this issue. ***