CVE-2008-1036

Publication date 2 June 2008

Last updated 24 July 2024

Ubuntu priority

The International Components for Unicode (ICU) library in Apple Mac OS X before 10.5.3, Red Hat Enterprise Linux 5, and other operating systems omits some invalid character sequences during conversion of some character encodings, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icu	8.10 intrepid	Fixed 3.8.1-2ubuntu0.1
	8.04 LTS hardy	Fixed 3.8-6ubuntu0.1
	7.10 gutsy	Fixed 3.6-3ubuntu0.2
	6.06 LTS dapper	Fixed 3.4.1a-1ubuntu1.6.06.2

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
icu	Vendor: http://launchpadlibrarian.net/23783267/icu.icu6175.emptysegments.patch Vendor: https://bugzilla.redhat.com/attachment.cgi?id=321139 Upstream: http://bugs.icu-project.org/trac/search?q=%22ticket:6175:%22&noquickjump=1&changeset=on

CVE-2008-1036

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references