On Fri, Apr 14, 2017 at 2:52 PM, Salvatore Bonaccorso <car...@debian.org> wrote:
> Control: retitle -1 icu: CVE-2017-7867 CVE-2017-7868: Heap-buffer-overflow in
> utf8TextAccess
>
> Adding as well
>
> CVE-2017-7868: [...]
> which has the same upstream ticket (closed) and same changeset to fix,
> but are for issues via two different functions.

With all due respect, I think these have different upstream tickets.
If I open the CVE-2017-7868 MITRE page[1] and follow the Chromium bug
page, on comment #2 [2] I see ICU ticket 12954 instead of 12888. But
with both unavailable to view, I'm not 100% sure it's the same bug. At
least the ICU changeset 39671 [3] mentions only the latter ticket.

> Still think both affect icu back to 52.1, but please double check if
> I'm wrong possibly.

Still on my TODO list.

Regards,
Laszlo/GCS

[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868
[2] https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=437#c2
[3] https://ssl.icu-project.org/trac/changeset/39671