[tex-live] libicu security update

Nelson H. F. Beebe beebe at math.utah.edu
Fri Mar 23 20:07:45 CET 2018


The debian-security-announce at lists.debian.org list just had a posting
about a newly-fixed security flaw in the ICU library that is used by
one or more executables in the TeX Live distribution.

See 

	https://security-tracker.debian.org/tracker/source-package/icu

for links.  Should TeX Live 2018 sources be updated to include the
fix?

Here is the Debian announcement body:

>> ...
>> - -------------------------------------------------------------------------
>> Debian Security Advisory DSA-4150-1                   security at debian.org
>> https://www.debian.org/security/                       Moritz Muehlenhoff
>> March 23, 2018                        https://www.debian.org/security/faq
>> - -------------------------------------------------------------------------
>> 
>> Package        : icu
>> CVE ID         : CVE-2017-15422
>> 
>> It was discovered that an integer overflow in the International
>> Components for Unicode (ICU) library could result in denial of service
>> and potentially the execution of arbitrary code.
>> 
>> For the oldstable distribution (jessie), this problem has been fixed
>> in version 52.1-8+deb8u7.
>> 
>> For the stable distribution (stretch), this problem has been fixed in
>> version 57.1-6+deb9u2.
>> 
>> We recommend that you upgrade your icu packages.
>> 
>> For the detailed security status of icu please refer to
>> its security tracker page at:
>> https://security-tracker.debian.org/tracker/icu
>> ...

-------------------------------------------------------------------------------
- Nelson H. F. Beebe                    Tel: +1 801 581 5254                  -
- University of Utah                    FAX: +1 801 581 4148                  -
- Department of Mathematics, 110 LCB    Internet e-mail: beebe at math.utah.edu  -
- 155 S 1400 E RM 233                       beebe at acm.org  beebe at computer.org -
- Salt Lake City, UT 84112-0090, USA    URL: http://www.math.utah.edu/~beebe/ -
-------------------------------------------------------------------------------


More information about the tex-live mailing list