CVE-2009-0153

Publication date 13 May 2009

Last updated 24 July 2024

Ubuntu priority

Description

International Components for Unicode (ICU) 4.0, 3.6, and other 3.x versions, as used in Apple Mac OS X 10.5 before 10.5.7, iPhone OS 1.0 through 2.2.1, iPhone OS for iPod touch 1.1 through 2.2.1, Fedora 9 and 10, and possibly other operating systems, does not properly handle invalid byte sequences during Unicode conversion, which might allow remote attackers to conduct cross-site scripting (XSS) attacks.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
icu	9.04 jaunty	Fixed 3.8.1-3ubuntu1.1
	8.10 intrepid	Fixed 3.8.1-2ubuntu0.2
	8.04 LTS hardy	Fixed 3.8-6ubuntu0.2
	6.06 LTS dapper	Ignored end of life

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
icu	Vendor: http://www.debian.org/security/2009/dsa-1889

CVE-2009-0153

Description

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references