-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.7
Date: Sun, 10 Feb 2008 17:19:24 -0500
Source: icu
Binary: libicu36-dev libicu36 icu-doc
Architecture: source all amd64
Version: 3.6-2etch1
Distribution: stable-security
Urgency: high
Maintainer: Jay Berkenbilt <qjb@debian.org>
Changed-By: Jay Berkenbilt <qjb@debian.org>
Description:
icu-doc - API documentation for ICU classes and functions
libicu36 - International Components for Unicode (libraries)
libicu36-dev - International Components for Unicode (development files)
Changes:
icu (3.6-2etch1) stable-security; urgency=high
.
* Add debian/patches/00-cve-2007-4770-4771.patch created from with
svn diff -c 23292 \
http://source.icu-project.org/repos/icu/icu/branches/maint/maint-3-8
to address the following security vulnerablilities:
- CVE-2007-4770: reference to non-existent capture group may
cause access to invalid memory
- CVE-2007-4771: buffer overflow in regexcmp.cpp
Files:
13dcea6b1c9a282147b99c4867db6ee8 591 libs optional icu_3.6-2etch1.dsc
0f1bda1992b4adca62da68a7ad79d830 9778863 libs optional icu_3.6.orig.tar.gz
82e560098b24b245872b163a522a80b8 9552 libs optional icu_3.6-2etch1.diff.gz
5da76263265814905245b97daec4c1c3 3332194 doc optional icu-doc_3.6-2etch1_all.deb
250851db4a613e9a5d0029d73c1196c0 5444228 libs optional libicu36_3.6-2etch1_amd64.deb
9fe0ee74625a985628c9af096dd13827 6585582 libdevel optional libicu36-dev_3.6-2etch1_amd64.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
iD8DBQFHyr6dwM/Gs81MDZ0RAsm7AKCHiCNQ0vEYV4gmD4ZhpCluVARg+ACeIyuE
QE1RZiE3GLaQVmzNGtQbEvk=
=hNzO
-----END PGP SIGNATURE-----
Accepted:
icu-doc_3.6-2etch1_all.deb
to pool/main/i/icu/icu-doc_3.6-2etch1_all.deb
icu_3.6-2etch1.diff.gz
to pool/main/i/icu/icu_3.6-2etch1.diff.gz
icu_3.6-2etch1.dsc
to pool/main/i/icu/icu_3.6-2etch1.dsc
libicu36-dev_3.6-2etch1_amd64.deb
to pool/main/i/icu/libicu36-dev_3.6-2etch1_amd64.deb
libicu36_3.6-2etch1_amd64.deb
to pool/main/i/icu/libicu36_3.6-2etch1_amd64.deb
