git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
icu: fix CVE-2025-5222
author Changqing Li <changqing.li@windriver.com>
Mon, 7 Jul 2025 09:07:28 +0000 (17:07 +0800)
committer Steve Sakoman <steve@sakoman.com>
Tue, 8 Jul 2025 21:45:39 +0000 (14:45 -0700)
commit a35ff17a0985389842c89e35f264f1d9f2b6bbae
tree 7229cb73189e5981cd8c693c86a9c7311bd64177
parent 8f50b0761fc4d49fae8d174956052e3ff9024a5e
icu: fix CVE-2025-5222

CVE-2025-5222:
A stack buffer overflow was found in International Components for Unicode
(ICU). While running the genrb binary, the 'subtag' struct overflowed
at the SRBRoot::addTag function. This issue may lead to memory
corruption and local arbitrary code execution.

Refer:
https://nvd.nist.gov/vuln/detail/CVE-2025-5222
https://unicode-org.atlassian.net/browse/ICU-22957
https://github.com/unicode-org/icu/commit/2c667e31cfd0b6bb1923627a932fd3453a5bac77

Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-support/icu/icu/CVE-2025-5222.patch [new file with mode: 0644]
meta/recipes-support/icu/icu_74-2.bb