International Components for Unicode (ICU) is a set of C/C++ and Java libraries providing Unicode and Globalization support for software applications.
An error in the _canonicalize() function in uloc.cpp could cause a stack-based buffer overflow.
A remote attacker could entice a user to open a specially crafted locale representation using an application linked against ICU, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All ICU users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=dev-libs/icu-49.1.1-r1"

SquidClamav is an HTTP anti-virus for Squid based on ClamAV and ICAP.
SquidClamav does not properly escape URLs before passing them to the system command call.
A remote attacker could send a specially crafted URL to SquidClamav, possibly resulting in a Denial of Service condition.
There is no known workaround at this time.
All SquidClamav users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-proxy/squidclamav-6.8"

Atheme is a portable and secure set of open-source and modular IRC services. CertFP is certificate fingerprinting used to authenticate users to nicknames.
The “myuser_delete()” function in account.c does not properly remove CertFP entries when deleting user accounts.
A remote authenticated attacker may be able to cause a Denial of Service condition or gain access to an Atheme IRC Services user account.
There is no known workaround at this time.
All Atheme users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=net-irc/atheme-services-6.0.10"

Calligra is an office suite by KDE.
An error in the read() function in styles.cpp could cause a heap-based buffer overflow.
A remote attacker could entice a user to open a specially crafted ODF file, possibly resulting in execution of arbitrary code with the privileges of the process or a Denial of Service condition.
There is no known workaround at this time.
All Calligra users should upgrade to the latest version:

  # emerge --sync
  # emerge --ask --oneshot --verbose ">=app-office/calligra-2.4.3-r1"