CVE-2007-4770
Published: 29 January 2008
libicu in International Components for Unicode (ICU) 3.8.1 and earlier attempts to process backreferences to the nonexistent capture group zero (aka \0), which might allow context-dependent attackers to read from, or write to, out-of-bounds memory locations, related to corruption of REStackFrames.
Priority
Status
Package | Release | Status |
---|---|---|
icu Launchpad, Ubuntu, Debian |
upstream |
Needed
|
dapper |
Released
(3.4.1a-1ubuntu1.6.06.1)
|
|
edgy |
Released
(3.4.1a-1ubuntu1.6.10.1)
|
|
feisty |
Released
(3.6-2ubuntu0.1)
|
|
gutsy |
Released
(3.6-3ubuntu0.1)
|
|
Patches: vendor: http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:026 vendor: https://rhn.redhat.com/errata/RHSA-2008-0090.html vendor: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=463688 other: http://sourceforge.net/mailarchive/message.php?msg_name=d03a2ffb0801221538x68825e42xb4a4aaf0fcccecbd%40mail.gmail.com |