[tex-live] libicu security update
Nelson H. F. Beebe
beebe at math.utah.edu
Fri Mar 23 20:07:45 CET 2018
The debian-security-announce at lists.debian.org list just had a posting
about a newly-fixed security flaw in the ICU library that is used by
one or more executables in the TeX Live distribution.
See
https://security-tracker.debian.org/tracker/source-package/icu
for links. Should TeX Live 2018 sources be updated to include the
fix?
Here is the Debian announcement body:
>> ...
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-4150-1 security at debian.org
>> https://www.debian.org/security/ Moritz Muehlenhoff
>> March 23, 2018 https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>>
>> Package : icu
>> CVE ID : CVE-2017-15422
>>
>> It was discovered that an integer overflow in the International
>> Components for Unicode (ICU) library could result in denial of service
>> and potentially the execution of arbitrary code.
>>
>> For the oldstable distribution (jessie), this problem has been fixed
>> in version 52.1-8+deb8u7.
>>
>> For the stable distribution (stretch), this problem has been fixed in
>> version 57.1-6+deb9u2.
>>
>> We recommend that you upgrade your icu packages.
>>
>> For the detailed security status of icu please refer to
>> its security tracker page at:
>> https://security-tracker.debian.org/tracker/icu
>> ...
-------------------------------------------------------------------------------
- Nelson H. F. Beebe Tel: +1 801 581 5254 -
- University of Utah FAX: +1 801 581 4148 -
- Department of Mathematics, 110 LCB Internet e-mail: beebe at math.utah.edu -
- 155 S 1400 E RM 233 beebe at acm.org beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------
More information about the tex-live
mailing list