Common Vulnerabilities and Exposures assigned an identifier CVE-2013-2924 to the following vulnerability:

Name: CVE-2013-2924
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2924
Assigned: 20130411
Reference: http://bugs.icu-project.org/trac/ticket/10318
Reference: http://googlechromereleases.blogspot.com/2013/10/stable-channel-update.html
Reference: https://code.google.com/p/chromium/issues/detail?id=275803
Reference: https://src.chromium.org/viewvc/chrome?revision=219151&view=revision

Use-after-free vulnerability in International Components for Unicode (ICU), as used in Google Chrome before 30.0.1599.66 and other products, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
Created mingw-icu tracking bugs for this issue: Affects: fedora-all [bug 1015595]
Created icu tracking bugs for this issue: Affects: fedora-all [bug 1015594]
https://ssl.icu-project.org/trac/ticket/10318 results in

Error: Forbidden
TICKET_VIEW privileges are required to perform this operation on Ticket #10318

There is one commit assigned to that ticket, https://ssl.icu-project.org/trac/review/10318

I assume that is the only change required and it is applicable to ICU 50.
Can't answer that one, as I don't have access to the ticket either, so I'm not sure whether that assumption is correct or not.
(In reply to Eike Rathke from comment #4)
> https://ssl.icu-project.org/trac/ticket/10318 results in
> Error: Forbidden
> TICKET_VIEW privileges are required to perform this operation on Ticket
> #10318
>
> There is one commit assigned to that ticket,
> https://ssl.icu-project.org/trac/review/10318
>
> I assume that is the only change required and it is applicable to ICU 50.

The following patch was applied to chromium to fix the issue:
https://src.chromium.org/viewvc/chrome/trunk/deps/third_party/icu46/source/i18n/csrucode.cpp?r1=219032&r2=219031&pathrev=219032

This corresponds to the following chromium security bug (which is the same as the one linked in the CVE details in the description of this bug):
https://code.google.com/p/chromium/issues/detail?id=275803

Comparing the chromium patch with the upstream patch (https://ssl.icu-project.org/trac/changeset/34076), I can conclude with significant confidence that the patch mentioned in comment #4 is the actual upstream patch.

Upstream patch: https://ssl.icu-project.org/trac/changeset/34076
This issue affects the version of icu shipped with Red Hat Enterprise Linux 5 and 6.
Statement: This issue affects the version of icu as shipped with Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this issue as having moderate security impact. A future update may address this flaw.
icu-50.1.2-10.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
icu-49.1.1-12.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
icu-50.1.2-9.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2013-2924