[Secure-testing-team] Bug#775884: icu: CVE-2014-6591
Moritz Muehlenhoff
jmm at inutil.org
Wed Jan 21 06:36:51 UTC 2015
Package: icu
Severity: important
Tags: security
Hi,
the issue CVE-2014-6585 from today's Oracle patch update
(http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html)
is actually a vulnerability in ICU (since Java embeds a copy). Red Hat
has tracked this down further and isolated the patch, please see
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6591 for more
details. The patch isn't in ICU trunk yet, so please forward it
upstream unless they are not aware of it yet. It would be nice to
get that fixed in jessie.
Cheers,
Moritz
More information about the Secure-testing-team
mailing list