From:
[email protected]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- ------------------------------------------------------------------------ Debian Security Advisory DSA-1762-1
[email protected] http://www.debian.org/security/ Steffen Joeris
April 02, 2009
http://www.debian.org/security/faq
- ------------------------------------------------------------------------
Package : icu
Vulnerability : insufficient input sanitising
Problem type : remote
Debian-specific: no
CVE Id : CVE-2008-1036
It was discovered that icu, the internal components for Unicode, did
not properly sanitise invalid encoded data, which could lead to cross-
site scripting attacks.
For the stable distribution (lenny), this problem has been fixed in
version 3.8.1-3+lenny1.
For the oldstable distribution (etch), this problem has been fixed in
version 3.6-2etch2.
For the testing distribution (squeeze) and the unstable distribution
(sid), this problem has been fixed in version 4.0.1-1.
We recommend that you upgrade your icu packages.
Upgrade instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 4.0 alias etch
- -------------------------------
Debian (oldstable)
- ------------------
Oldstable updates are available for alpha, amd64, arm, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.diff.gz
Size/MD5 checksum: 14912 d15e89ba186f4003cf0fe25523bf5b68
http://security.debian.org/pool/updates/main/i/icu/icu_3.6-2etch2.dsc
Size/MD5 checksum: 600 be64e9d5a346866e9cb5c0f60243d2fe
http://security.debian.org/pool/updates/main/i/icu/icu_3.6.orig.tar.gz
Size/MD5 checksum: 9778863 0f1bda1992b4adca62da68a7ad79d830
Architecture independent packages:
http://security.debian.org/pool/updates/main/i/icu/icu-doc_3.6-2etch2_all.deb
Size/MD5 checksum: 3334030 c6e6fbd348c8d802746a890393a767a5
alpha architecture (DEC Alpha)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_alpha.deb
Size/MD5 checksum: 5584350 c988d1810f2abe6aca3c530061343674
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_alpha.deb
Size/MD5 checksum: 7009562 489c1341f1331b8664ec201d7b0896ac
amd64 architecture (AMD x86_64 (AMD64))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_amd64.deb
Size/MD5 checksum: 5444828 4cf4fecae90466c879a1b506da4b54da
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_amd64.deb
Size/MD5 checksum: 6584058 b74be6476a73b13f397c742dd05a46ef
arm architecture (ARM)
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_arm.deb
Size/MD5 checksum: 5455872 ffd9a4362bd56c95ac8c9e2d59b0f85b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_arm.deb
Size/MD5 checksum: 6625136 a64d8a5965f960b7a42f175465552d1b
i386 architecture (Intel ia32)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_i386.deb
Size/MD5 checksum: 6480730 bab51b594e5b159ec97c4d0a78e137d4
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_i386.deb
Size/MD5 checksum: 5464844 6022ce1a314dc2ac9ba6a4e7c2364c0f
ia64 architecture (Intel ia64)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_ia64.deb
Size/MD5 checksum: 7240032 54c98bff14b4d4b9106cbe4a0f37a790
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_ia64.deb
Size/MD5 checksum: 5865936 dfe2b9a21d02b3f6d0328076e90884b9
mips architecture (MIPS (Big Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mips.deb
Size/MD5 checksum: 5747772 6f7e94aa52df7e55632aded82da5be5b
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mips.deb
Size/MD5 checksum: 7032276 c873f62a11e599880d349171be6724b7
mipsel architecture (MIPS (Little Endian))
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 6767430 c34cfe617b2fa3b0ac265f445a77b151
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_mipsel.deb
Size/MD5 checksum: 5462642 42cec53922ec7b565c314daca3480331
powerpc architecture (PowerPC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 6889534 dbbcea68da2b4cde02734cf8af6a8bdd
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_powerpc.deb
Size/MD5 checksum: 5748424 4af92234d22b585cdce7912733bc309e
s390 architecture (IBM S/390)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_s390.deb
Size/MD5 checksum: 6895200 637a01ea921657380bd42959e4bd5adf
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_s390.deb
Size/MD5 checksum: 5777440 b1be81050b86652f9c1d943bc4887dc7
sparc architecture (Sun SPARC/UltraSPARC)
http://security.debian.org/pool/updates/main/i/icu/libicu36-dev_3.6-2etch2_sparc.deb
Size/MD5 checksum: 6772296 b0bb6f8d327193d0e9055e8eb8f98a51
http://security.debian.org/pool/updates/main/i/icu/libicu36_3.6-2etch2_sparc.deb
Size/MD5 checksum: 5671528 fa33dfa1c2278405708d23cd94be6919
Debian GNU/Linux 5.0 alias lenny
- --------------------------------
Debian (stable)
- ---------------
Stable updates are available for alpha, amd64, arm, armel, hppa, i386, ia64, mips, mipsel, powerpc, s390 and sparc.
Source archives:
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1-3+lenny1.dsc
Size/MD5 checksum: 1297 daaf6d8629a5cde19dcfed98bc9a84a9
http://security.debian.org/pool/updates/main/i/icu/icu_3.8.1.orig.tar.gz
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)