[MacPorts] #54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

[MacPorts] #54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868

MacPorts
#54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868
--------------------+------------------------
 Reporter:  l2dy    |      Owner:  ryandesign
     Type:  defect  |     Status:  new
 Priority:  Normal  |  Milestone:
Component:  ports   |    Version:
 Keywords:          |       Port:  icu
--------------------+------------------------
 See https://ssl.icu-project.org/trac/changeset/39671. Fixed in icu 59.1.

 https://nvd.nist.gov/vuln/detail/CVE-2017-7867
 https://nvd.nist.gov/vuln/detail/CVE-2017-7868

--
Ticket URL: <https://trac.macports.org/ticket/54004>
MacPorts <https://www.macports.org/>
Ports system for macOS
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [MacPorts] #54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868

MacPorts
#54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868
---------------------+------------------------
  Reporter:  l2dy    |      Owner:  ryandesign
      Type:  defect  |     Status:  accepted
  Priority:  Normal  |  Milestone:
 Component:  ports   |    Version:
Resolution:          |   Keywords:
      Port:  icu     |
---------------------+------------------------
Changes (by ryandesign):

 * status:  new => accepted


Old description:

> See https://ssl.icu-project.org/trac/changeset/39671. Fixed in icu 59.1.
>
> https://nvd.nist.gov/vuln/detail/CVE-2017-7867
> https://nvd.nist.gov/vuln/detail/CVE-2017-7868

New description:

 See https://ssl.icu-project.org/trac/changeset/39671. Fixed in icu 59.1.

 https://nvd.nist.gov/vuln/detail/CVE-2017-7867\\
 https://nvd.nist.gov/vuln/detail/CVE-2017-7868

--

Comment:

 Given the major version number increase, I imagine this will involve
 revbumping and rebuilding all dependents again.

--
Ticket URL: <https://trac.macports.org/ticket/54004#comment:1>
MacPorts <https://www.macports.org/>
Ports system for macOS
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [MacPorts] #54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868

MacPorts
In reply to this post by MacPorts
#54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868
---------------------+------------------------
  Reporter:  l2dy    |      Owner:  ryandesign
      Type:  defect  |     Status:  accepted
  Priority:  Normal  |  Milestone:
 Component:  ports   |    Version:
Resolution:          |   Keywords:
      Port:  icu     |
---------------------+------------------------

Comment (by ryandesign):

 Yikes:

 http://site.icu-project.org/download/59:

 > There are major changes for ICU4C that require changes in projects using
 ICU. See below for details.

 > * ICU4C now uses and requires C++11 language features and libraries.
 > * ICU4C has also moved to char16_t as the type for UTF-16. This is a
 breaking change. Please see the detail section below.

 Seems like updating to this version will break a ton of stuff on non-C++11
 platforms (OS X <= 10.8) so I don't think we should update yet. I can
 patch to address the CVEs though.

--
Ticket URL: <https://trac.macports.org/ticket/54004#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: [MacPorts] #54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868

MacPorts
In reply to this post by MacPorts
#54004: icu @58.2: fix CVE-2017-7867 and CVE-2017-7868
---------------------+------------------------
  Reporter:  l2dy    |      Owner:  ryandesign
      Type:  defect  |     Status:  closed
  Priority:  Normal  |  Milestone:
 Component:  ports   |    Version:
Resolution:  fixed   |   Keywords:
      Port:  icu     |
---------------------+------------------------
Changes (by ryandesign):

 * status:  accepted => closed
 * resolution:   => fixed


Comment:

 In [changeset:"ed8c15b1c8e4d61eebf722c9c45bb96895c53afe/macports-ports"
 ed8c15b1c8e4d61eebf722c9c45bb96895c53afe/macports-ports]:
 {{{
 #!ConfigurableCommitTicketReference repository="macports-ports"
 revision="ed8c15b1c8e4d61eebf722c9c45bb96895c53afe"
 icu: Address CVE-2017-7867 and CVE-2017-7868

 Closes: https://trac.macports.org/ticket/54004
 }}}

--
Ticket URL: <https://trac.macports.org/ticket/54004#comment:3>
MacPorts <https://www.macports.org/>
Ports system for macOS
Loading...