-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-4646-1                   security@debian.org
https://www.debian.org/security/                     Salvatore Bonaccorso
March 25, 2020                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : icu
CVE ID         : CVE-2020-10531
Debian Bug     : 953747

Andre Bargull discovered an integer overflow in the International
Components for Unicode (ICU) library which could result in denial of
service and potentially the execution of arbitrary code.

For the oldstable distribution (stretch), this problem has been fixed
in version 57.1-6+deb9u4.

For the stable distribution (buster), this problem has been fixed in
version 63.1-6+deb10u1.

We recommend that you upgrade your icu packages.

For the detailed security status of icu please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/icu

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl57hW9fFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2
NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND
z0SmchAAkFD6KbEBnsGjO6ZkxQIb1xp5votbZFnbKGWc2/zvJjn8razDuw0zU0CJ
ewdGDviwRm9BGbSax53/nIp21ceN38ntiv+GXexXmes79AcP0/XOlUjXT9UWWJ1n
bBWlCrAS6b9UK6dMpFq1iJOlxHlqSchDtndg1NWepENXPoJ5/ytVHPScBH12Fb1z
U8uPWJEEOmCdtUEkkXuzBIIxzRpyAP/jW+FvCeCKgHU6l04vaYY622n9dDiCs39x
uNtORWVdxXR6veXqiaKCX6NptbCybSP1iso+eggZrNrdjpiVxASyPWeO9uDQd9zD
j9dWhVpWVQU+x+5lXuAdiTCsD7J4i1o4L1nMencJ4GUFVj6cGNbe02ndCeBuUxmD
VTZK4FEwXfNpEKGJSQJ0ucSdrzZNPBCc/BjqZKcFTei+02scPDbAHEK7ziPyGExh
oLMiQSOks32lJ95zIj9gf8HETu2cRo4/sUY13ydPMkzeTl1H/57nY4qeQeny8Iyz
w93S6BIFKVpPQmiPsynXnq4CBUciwjV53z5fxBoq2KxZwhEQXYT2c56dnQrnMqwS
TLltx8eT4sd1gxvtUDYl1+6Br1yr4/rTZeP+zFjAHdt/ASIex0hviNiUF0Wxn5Ls
oa0alfqp6hK0TWPI+SR8IxlOnEHDIuoDkbgKUFkjEK9YWAgwgJo=
=/zwr
-----END PGP SIGNATURE-----