CVE-2008-1036
Published: 2 June 2008
The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.
Priority
Status
Package | Release | Status |
---|---|---|
icu
Launchpad, Ubuntu, Debian |
dapper |
Released
(3.4.1a-1ubuntu1.6.06.2)
|
gutsy |
Released
(3.6-3ubuntu0.2)
|
|
hardy |
Released
(3.8-6ubuntu0.1)
|
|
intrepid |
Released
(3.8.1-2ubuntu0.1)
|
|
upstream |
Needed
|
|
Patches:
vendor: http://launchpadlibrarian.net/23783267/icu.icu6175.emptysegments.patch vendor: https://bugzilla.redhat.com/attachment.cgi?id=321139 upstream: http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&noquickjump=1&changeset=on |