-
Committer:
Package Import Robot
-
Author(s):
Marc Deslauriers
-
Date:
2009-03-25 08:37:53 UTC
-
Revision ID:
package-import@ubuntu.com-20090325083753-21rrzn8g34tv7b0q
Tags: 3.8.1-3ubuntu1
* SECURITY UPDATE: Cross-site scripting attack via invalid character
sequences (LP: #341834)
- debian/patches/03-cve-2008-1036.patch: Improve parsing logic in
source/common/{ucnv2022.c,ucnv_bld.*,ucnv.c,ucnvhz.c} to replace
invalid character sequences. Also, add test case to
source/test/{cintltst/nucnvtst.c,testdata/conversion.txt}.
- CVE-2008-1036