icu: CVE-2017-14952

Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue. Reference: https://nvd.nist.gov/vuln/detail/CVE-2017-14952 Upstream patches: http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com>
author: Ovidiu Panait <ovidiu.panait@windriver.com> 2017-11-10 17:46:10 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-21 13:02:35 +0000
commit: 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d (patch)
tree: a65a6bdac6374f7c376f4363603630c5492b8395 /meta/recipes-support/icu/icu_59.1.bb
parent: d4b17e841b497f0ee4d31a8c967b5ce1b76157e4 (diff)
download: openembedded-core-contrib-4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-support/icu/icu_59.1.bb b/meta/recipes-support/icu/icu_59.1.bb
index 31f017b370..9fb1be81cc 100644
--- a/meta/recipes-support/icu/icu_59.1.bb
+++ b/meta/recipes-support/icu/icu_59.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \
            file://icu-pkgdata-large-cmd.patch \
            file://fix-install-manx.patch \
            file://0001-i18n-Drop-include-xlocale.h.patch \
+           file://CVE-2017-14952.patch \
            "
 
 SRC_URI_append_class-target = "\
author	Ovidiu Panait <ovidiu.panait@windriver.com>	2017-11-10 17:46:10 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2017-11-21 13:02:35 +0000
commit	4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d (patch)
tree	a65a6bdac6374f7c376f4363603630c5492b8395 /meta/recipes-support/icu/icu_59.1.bb
parent	d4b17e841b497f0ee4d31a8c967b5ce1b76157e4 (diff)
download	openembedded-core-contrib-4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d.tar.gz