An unspecified integer overflow via incorrect state size was fixed in Debian's ICU package: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Hi Martin,
(In reply to Martin Prpic from comment #0)
> An unspecified integer overflow via incorrect state size was fixed in
> Debian's ICU package:
>
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773
Should that be CVE-2014-8147? The bug subject in the Debian BTS referred to CVE-2015-8146 and CVE-2015-8147 but the assigned CVEs seem to be CVE-2014-8146 and CVE-2014-8147.
https://marc.info/?l=oss-security&m=143081399320763&w=2
Regards,
Salvatore
Exactly, these do look like CVE id typos (2014 vs. 2015). Can you get the Debian side cleaned-up?
Duplicate of bug 1176200 caused by typo in CVE id. *** This bug has been marked as a duplicate of bug 1176200 ***
Hi Tomas,
(In reply to Tomas Hoger from comment #2)
> Exactly, these do look like CVE id typos (2014 vs. 2015). Can you get the
> Debian side cleaned-up?
Yes. They were already right in the tracker, but the subject was wrong, so fixed that now.
I posted request to reject 2015 ids:
http://seclists.org/oss-sec/2015/q2/490
http://www.openwall.com/lists/oss-security/2015/05/19/3