Candidate: CVE-2008-1036
PublicDate: 2008-06-02 21:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1036
 https://ubuntu.com/security/notices/USN-747-1
Description:
 The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/341834
 https://bugzilla.redhat.com/show_bug.cgi?id=464168
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:

Patches_icu:
 vendor: http://launchpadlibrarian.net/23783267/icu.icu6175.emptysegments.patch
 vendor: https://bugzilla.redhat.com/attachment.cgi?id=321139
 upstream: http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&noquickjump=1&changeset=on
upstream_icu: needed
dapper_icu: released (3.4.1a-1ubuntu1.6.06.2)
gutsy_icu: released (3.6-3ubuntu0.2)
hardy_icu: released (3.8-6ubuntu0.1)
intrepid_icu: released (3.8.1-2ubuntu0.1)
devel_icu: released (3.8.1-3ubuntu1)