Your submission was sent successfully! Close

CVE-2020-21913

Published: 20 September 2021

International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.

Priority

Low

CVSS 3 base score: 5.5

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(code not compiled)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

icu
Launchpad, Ubuntu, Debian
Upstream
Released (66.1)
Ubuntu 21.10 (Impish Indri) Not vulnerable
(67.1-7ubuntu1)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(67.1-6ubuntu1)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(66.1-2ubuntu1)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (60.2-3ubuntu3.2)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (55.1-7ubuntu0.5+esm1)
Ubuntu 14.04 ESM (Trusty Tahr)
Released (52.1-3ubuntu0.8+esm2)
Patches:
Upstream: https://github.com/unicode-org/icu/commit/727505bddab0bfd527f1db6697cb4d4f7febe4a9
mozjs38
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs52
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs68
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Does not exist

Ubuntu 21.04 (Hirsute Hippo) Does not exist

Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

mozjs78
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(code not compiled)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not compiled)
Ubuntu 20.04 LTS (Focal Fossa) Does not exist

Ubuntu 18.04 LTS (Bionic Beaver) Does not exist

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

thunderbird
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 21.10 (Impish Indri) Not vulnerable
(code not compiled)
Ubuntu 21.04 (Hirsute Hippo) Not vulnerable
(code not compiled)
Ubuntu 20.04 LTS (Focal Fossa) Not vulnerable
(code not compiled)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(code not compiled)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(code not compiled)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist