Candidate: CVE-2009-0153
PublicDate: 2009-05-13 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0153
 https://ubuntu.com/security/notices/USN-846-1
Description:
 International Components for Unicode (ICU) 4.0, 3.6, and other 3.x
 versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0
 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10,
 and possibly other operating systems, does not properly handle invalid byte
 sequences during Unicode conversion, which might allow remote attackers to
 conduct cross-site scripting (XSS) attacks.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to: jdstrand
CVSS:

Patches_icu:
 vendor: http://www.debian.org/security/2009/dsa-1889
upstream_icu: released (4.0.1-1)
dapper_icu: ignored (reached end-of-life)
hardy_icu: released (3.8-6ubuntu0.2)
intrepid_icu: released (3.8.1-2ubuntu0.2)
jaunty_icu: released (3.8.1-3ubuntu1.1)
devel_icu: not-affected (4.0.1-2)