{"id":"MGASA-2015-0047","summary":"Updated icu packages fix security vulnerabilities","details":"Updated icu packages fix security vulnerabilities:\n\nThe Regular Expressions package in International Components for Unicode (ICU)\n52 before SVN revision 292944 allows remote attackers to cause a denial of\nservice (memory corruption) or possibly have unspecified other impact via\nvectors related to a zero-length quantifier or look-behind expression\n(CVE-2014-7923, CVE-2014-7926).\n\nThe collator implementation in i18n/ucol.cpp in International Components for\nUnicode (ICU) 52 through SVN revision 293126 does not initialize memory for a\ndata structure, which allows remote attackers to cause a denial of service or\npossibly have unspecified other impact via a crafted character sequence\n(CVE-2014-7940).\n","modified":"2026-01-31T05:08:21.225289Z","published":"2015-01-31T13:23:52Z","related":["CVE-2014-7923","CVE-2014-7926","CVE-2014-7940"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0047.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=15145"},{"type":"REPORT","url":"http://googlechromereleases.blogspot.com/2015/01/stable-update.html"}],"affected":[{"package":{"name":"icu","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/icu?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"52.1-2.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0047.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}