author: Ovidiu Panait <ovidiu.panait@windriver.com> 2017-11-10 17:46:10 +0200
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2017-11-21 13:06:12 +0000
commit: 3bd6d1831b1b021a5d788dc7b59def57bd965407
tree: 2ca0d30b700fb337dfc662103472b582d1b19ac3
parent: e75d9c336442cf1108437fbae3ddc43946fbabb0
icu: CVE-2017-14952
Double free in i18n/zonemeta.cpp in International Components for Unicode (ICU) for C/C++ through 59.1 allows remote attackers to execute arbitrary code via a crafted string, aka a "redundant UVector entry clean up function call" issue.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2017-14952

Upstream patches:
http://bugs.icu-project.org/trac/changeset/40324/trunk/icu4c/source/i18n/zonemeta.cpp

(From OE-Core rev: 4ff12a8bf2b8d094085afbe8fa1d43f781cfa79d)

Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
-rw-r--r-- meta/recipes-support/icu/icu/CVE-2017-14952.patch 28
-rw-r--r-- meta/recipes-support/icu/icu_59.1.bb 1
2 files changed, 29 insertions, 0 deletions
diff --git a/meta/recipes-support/icu/icu/CVE-2017-14952.patch b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
new file mode 100644
index 0000000000..f759efc435
--- /dev/null
+++ b/meta/recipes-support/icu/icu/CVE-2017-14952.patch
@@ -0,0 +1,28 @@
1From fc83cd832725d3968011f118637b9f5d212e8717 Mon Sep 17 00:00:00 2001
2From: Ovidiu Panait <ovidiu.panait@windriver.com>
3Date: Fri, 10 Nov 2017 16:51:25 +0200
4Subject: [PATCH] Removed redundant UVector entry clean up function call.
5
6Upstream-Status: Backport
7CVE: CVE-2017-14952
8
9Signed-off-by: Ovidiu Panait <ovidiu.panait@windriver.com>
10---
11 i18n/zonemeta.cpp | 1 -
12 1 file changed, 1 deletion(-)
13
14diff --git a/i18n/zonemeta.cpp b/i18n/zonemeta.cpp
15index 84a9657..e163b00 100644
16--- a/i18n/zonemeta.cpp
17+++ b/i18n/zonemeta.cpp
18@@ -690,7 +690,6 @@ ZoneMeta::createMetazoneMappings(const UnicodeString &tzid) {
19 mzMappings = new UVector(deleteOlsonToMetaMappingEntry, NULL, status);
20 if (U_FAILURE(status)) {
21 delete mzMappings;
22- deleteOlsonToMetaMappingEntry(entry);
23 uprv_free(entry);
24 break;
25 }
26--
272.10.2
28
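Review bot: in the `U_FAILURE(status)` branch of `ZoneMeta::createMetazoneMappings`, `delete mzMappings;` still leaves `mzMappings` pointing at freed memory when the code hits `break`, and the visible context does not show what happens to it after the loop. Removing `deleteOlsonToMetaMappingEntry(entry);` does fix the double free of `entry`, since `uprv_free(entry);` on the next line already releases it. Still, please confirm that the code following the loop neither deletes nor returns `mzMappings` on this path, and raise it upstream if it does. As a smaller documentation point, the embedded header carries only `Upstream-Status: Backport`; putting the upstream changeset URL from the commit message next to it would keep the provenance inside the patch file itself.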
diff --git a/meta/recipes-support/icu/icu_59.1.bb b/meta/recipes-support/icu/icu_59.1.bb
index 31f017b370..9fb1be81cc 100644
--- a/meta/recipes-support/icu/icu_59.1.bb
+++ b/meta/recipes-support/icu/icu_59.1.bb
@@ -17,6 +17,7 @@ SRC_URI = "${BASE_SRC_URI} \
17 file://icu-pkgdata-large-cmd.patch \ 17 file://icu-pkgdata-large-cmd.patch \
18 file://fix-install-manx.patch \ 18 file://fix-install-manx.patch \
19 file://0001-i18n-Drop-include-xlocale.h.patch \ 19 file://0001-i18n-Drop-include-xlocale.h.patch \
20 file://CVE-2017-14952.patch \
20 " 21 "
21 22
22SRC_URI_append_class-target = "\ 23SRC_URI_append_class-target = "\
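Review bot: the new `file://CVE-2017-14952.patch` entry in `SRC_URI` depends on the patch applying with paths relative to `i18n/zonemeta.cpp`, while the upstream changeset it backports addresses the file as `trunk/icu4c/source/i18n/zonemeta.cpp`. Please confirm the patch applies cleanly against the recipe's source directory in a clean build. Because the fix sits in the version-specific `icu_59.1.bb` and the advisory text covers ICU "through 59.1", it would also help to note that this entry should be dropped when the recipe moves to a release that already contains the upstream change.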