author | Mark H Weaver <mhw@netris.org> | 2015-09-19 21:35:18 -0400 |
---|---|---|
committer | Mark H Weaver <mhw@netris.org> | 2015-09-19 21:35:18 -0400 |
commit | 65d54af49f31a808a8481f34a95887eba4c8bb57 (patch) | |
tree | 5df23cb55a5f6dc1206b2c1b0709603726b3d67a /gnu/packages/patches/icu4c-CVE-2014-6585.patch | |
parent | 257abebba3c11b957d9d994dcaf5894a0410f807 (diff) | |
download | guix-65d54af49f31a808a8481f34a95887eba4c8bb57.tar.gz |
gnu: icu4c: Add fixes for CVE-2014-6585 and CVE-2015-1270.
* gnu/packages/patches/icu4c-CVE-2014-6585.patch, gnu/packages/patches/icu4c-CVE-2015-1270.patch: New files.
* gnu-system.am (dist_patch_DATA): Add them.
* gnu/packages/icu4c.scm (icu4c)[source]: Add patches.
Diffstat (limited to 'gnu/packages/patches/icu4c-CVE-2014-6585.patch')
-rw-r--r-- | gnu/packages/patches/icu4c-CVE-2014-6585.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/gnu/packages/patches/icu4c-CVE-2014-6585.patch b/gnu/packages/patches/icu4c-CVE-2014-6585.patch new file mode 100644 index 0000000000..d21a0d0ba1 --- /dev/null +++ b/gnu/packages/patches/icu4c-CVE-2014-6585.patch @@ -0,0 +1,21 @@ +Copied from Debian. + +description: out-of-bounds read +origin: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-6585 + +--- a/source/layout/LETableReference.h ++++ b/source/layout/LETableReference.h +@@ -322,7 +322,12 @@ LE_TRACE_TR("INFO: new RTAO") + } + + const T& operator()(le_uint32 i, LEErrorCode &success) const { +- return *getAlias(i,success); ++ const T *ret = getAlias(i,success); ++ if (LE_FAILURE(success) || ret==NULL) { ++ return *(new T()); ++ } else { ++ return *ret; ++ } + } + + size_t getOffsetFor(le_uint32 i, LEErrorCode &success) const { |
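Review bot: The fallback branch in `operator()` returns `*(new T())`, which heap-allocates an object that nothing ever frees, so every failed or out-of-range lookup leaks one `T`. On input that repeatedly triggers this path, the out-of-bounds read is traded for unbounded memory growth. Because the operator returns a `const T&`, a single shared default-constructed `T` (for example a function-local static) would serve the same purpose without allocating. Separately, the condition `LE_FAILURE(success) || ret==NULL` lets the `ret==NULL` case through with `success` left untouched, so a caller cannot tell a default-constructed placeholder from a real table entry. Setting `success` to an error in that branch would make the failure visible. The patch header would also benefit from one line stating which check in `getAlias` makes the original dereference unsafe, since the description only says "out-of-bounds read".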