CVE-2008-1036

Published: 02 June 2008

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Priority

Status

Package	Release	Status
icu Launchpad, Ubuntu, Debian	Upstream	Needed






	Patches: Vendor: http://launchpadlibrarian.net/23783267/icu.icu6175.emptysegments.patch Vendor: https://bugzilla.redhat.com/attachment.cgi?id=321139 Upstream: http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&noquickjump=1&changeset=on

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1036
https://usn.ubuntu.com/usn/usn-747-1
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/341834
https://bugzilla.redhat.com/show_bug.cgi?id=464168

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM