CVE-2017-15422

Priority
Description
Integer overflow in international date handling in International Components
for Unicode (ICU) for C/C++ before 60.1, as used in V8 in Google Chrome
prior to 63.0.3239.84 and other products, allowed a remote attacker to
perform an out of bounds memory read via a crafted HTML page.
Notes
 leosilva> same as wheezy, precise/esm is not affected code is not present.
Package
Upstream:released (63.0.3239.84)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (63.0.3239.84-0ubuntu0.14.04.1)
Ubuntu 16.04 LTS (Xenial Xerus):released (63.0.3239.84-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (63.0.3239.84-0ubuntu1)
Ubuntu 18.10 (Cosmic Cuttlefish):released (63.0.3239.84-0ubuntu1)
Ubuntu 19.04 (Disco Dingo):released (63.0.3239.84-0ubuntu1)
Package
Source: icu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (code not present)
Ubuntu 14.04 LTS (Trusty Tahr):released (52.1-3ubuntu0.8)
Ubuntu 16.04 LTS (Xenial Xerus):released (55.1-7ubuntu0.4)
Ubuntu 18.04 LTS (Bionic Beaver):not-affected (60.2-3ubuntu3)
Ubuntu 18.10 (Cosmic Cuttlefish):not-affected (60.2-3ubuntu3)
Ubuntu 19.04 (Disco Dingo):not-affected (60.2-3ubuntu3)
Patches:
Upstream:http://bugs.icu-project.org/trac/changeset/40654
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):ignored (Ubuntu touch end-of-life)
Ubuntu 16.04 LTS (Xenial Xerus):ignored (Ubuntu touch end-of-life)
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 18.10 (Cosmic Cuttlefish):DNE
Ubuntu 19.04 (Disco Dingo):DNE
More Information

Updated: 2019-03-19 12:28:55 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)