Debian-LTS has issued an advisory today (September 8): http://lwn.net/Alerts/699938/ Debian also has a patch for this issue for 57.1 in sid. Mageia 5 is also affected.
Whiteboard: (none) => MGA5TOO
Patched packages uploaded for Mageia 5 and Cauldron. Advisory: ======================== Updated icu packages fix security vulnerability: Buffer overflow ICU in the uloc_acceptLanguageFromHTTP() function (CVE-2016-6293). References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293 http://lwn.net/Alerts/699938/ ======================== Updated packages in core/updates_testing: ======================== icu-53.1-12.4.mga5 icu53-data-53.1-12.4.mga5 icu-doc-53.1-12.4.mga5 libicu53-53.1-12.4.mga5 libicu-devel-53.1-12.4.mga5 from icu-53.1-12.4.mga5.src.rpm
Version: Cauldron => 5Assignee: bugsquad => qa-bugsWhiteboard: MGA5TOO => (none)
Just testing that the update installs cleanly, and icuinfo works.
Keywords: (none) => validated_updateWhiteboard: (none) => MGA5-32-OK advisoryCC: (none) => davidwhodgins, sysadmin-bugs
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2016-0314.html
Status: NEW => RESOLVEDResolution: (none) => FIXED