Re: CVE request: icu: stack-based buffer overflow in uloc_getDisplayName

[<cve-assign () mitre org>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://bugzilla.redhat.com/show_bug.cgi?id=1383569

> http://bugs.icu-project.org/trac/ticket/10891
> http://bugs.icu-project.org/trac/changeset/35699

> https://bugs.php.net/bug.php?id=67397

> Note that the PHP bug is exactly the same flaw, but they worked around
> it by limiting the length of strings passed to icu.  I don't believe
> this needs a separate CVE even though it was "fixed" independently.

Use CVE-2014-9911 for the ICU vulnerability, and use CVE-2014-9912 for
the PHP vulnerability. Admittedly, the code changes in ICU and PHP had
the same motivation. However, the code is not shared between
ures_getByKeyWithFallback in ICU and get_icu_disp_value_src_php in
PHP. Thus, two CVE IDs exist. This is also consistent with similar
ICU/PHP situations in the
http://www.openwall.com/lists/oss-security/2016/07/24/2 and
http://www.openwall.com/lists/oss-security/2016/09/15/10 posts.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYN4pmAAoJEHb/MwWLVhi2iXQP/0p5ye6sA3p3BNLXi1HvLKN3
kTljswgWfZxD5/GINLjMGzf0Gr94weE6GfbxmrYbenjmghKTPU+tRgfpOd6TwteU
kai0Vuluk020bYb9d769qyYc47rzKZ0h5FJCc/Ef+kQNWPMOHS+ogF8D11p575W0
gFZyiw9h5HNHT7A5VV1NisFN607Q3IwJncNZfI1PLwZJ/t1dtNI8HGsKZCo5tlKq
ZdWIibAuVThj9k4OKmZfdxe3SHInFv2dfDoLXwQH+hwnLLs7xkN3X5Tu/PXpkqtV
cc/eqZTRW1TSxou4p0S8T7d410z3WArVecVNfFZxv58xua+Goj/bXwPRuAUQTY8q
SpuR3NDwFoM23IURqTStQ/+NXbhGtjJpUltQjZ776hBEm/S/rljYMA5sJs4sBtjI
VsiA8jqjeewOheQQnEOA/VVH8JvQQ8AATOKD6gRkDCuxTYwhemabzR9jUOpVP/Cv
9f/4e/KIYug2wHcfTtEoqZEGtgIEQRdcGpEjOq7y7X9ETMWnTRNh1iIzKVOilFyv
uCcNE1m0JJPALb0p72AqDb5rEL8cWynrvNQrcLifONF5/65uEa+5Hi4rXhayaQN1
MDo0OTwKJUw90vhEeLP+hTx3bQJtp6bRTfz1avIhEmG0DmoErm9opAj/pK7o8uWV
1EQnxE97WQjHimhYejXd
=jGfq
-----END PGP SIGNATURE-----