CVE-2017-15422

Priority
Description
Integer overflow in international date handling in International Components
for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome
prior to 63.0.3239.84 and other products, allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page.
Notes
leosilvasame as wheezy, precise/esm is not affected code is not present.
Package
Upstream:released (63.0.3239.84)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [63.0.3239.84-0ubuntu0.14.04.1])
Ubuntu 16.04 LTS (Xenial Xerus):released (63.0.3239.84-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (63.0.3239.84-0ubuntu1)
Package
Source: icu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 ESM (Trusty Tahr):released (52.1-3ubuntu0.8)
Ubuntu 16.04 LTS (Xenial Xerus):released (55.1-7ubuntu0.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (60.2-3ubuntu3)
Patches:
Upstream:http://bugs.icu-project.org/trac/changeset/40654
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was ignored [Ubuntu touch end-of-life])
Ubuntu 16.04 LTS (Xenial Xerus):ignored (Ubuntu touch end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
More Information

Updated: 2020-01-29 19:58:33 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)