Version in base suite: 63.1-6 Base version: icu_63.1-6 Target version: icu_63.1-6+deb10u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/i/icu/icu_63.1-6.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/i/icu/icu_63.1-6+deb10u1.dsc changelog | 7 +++++++ patches/CVE-2020-10531.patch | 26 ++++++++++++++++++++++++++ patches/series | 1 + 3 files changed, 34 insertions(+)
diff -Nru icu-63.1/debian/changelog icu-63.1/debian/changelog
--- icu-63.1/debian/changelog 2019-01-23 16:51:20.000000000 +0000
+++ icu-63.1/debian/changelog 2020-03-13 18:49:33.000000000 +0000
@@ -1,3 +1,10 @@
+icu (63.1-6+deb10u1) buster-security; urgency=high
+
+ * Backport upstream security fix for CVE-2020-10531: SEGV_MAPERR in
+ UnicodeString::doAppend() (closes: #953747).
+
+ -- Laszlo Boszormenyi (GCS) Fri, 13 Mar 2020 18:49:33 +0000
+
 icu (63.1-6) unstable; urgency=medium
 
 * Build without icu-config (closes: #898820).
diff -Nru icu-63.1/debian/patches/CVE-2020-10531.patch icu-63.1/debian/patches/CVE-2020-10531.patch
--- icu-63.1/debian/patches/CVE-2020-10531.patch 1970-01-01 00:00:00.000000000 +0000
+++ icu-63.1/debian/patches/CVE-2020-10531.patch 2020-03-13 18:49:33.000000000 +0000
@@ -0,0 +1,26 @@
+From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001
+From: Frank Tang
+Date: Sat, 1 Feb 2020 02:39:04 +0000
+Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append
+
+See #971
+---
+ source/common/unistr.cpp | 6 ++-
+
+diff --git a/source/common/unistr.cpp b/source/common/unistr.cpp
+index 901bb3358ba..077b4d6ef20 100644
+--- a/source/common/unistr.cpp
++++ b/source/common/unistr.cpp
+@@ -1564,7 +1564,11 @@ UnicodeString::doAppend(const UChar *srcChars, int32_t srcStart, int32_t srcLeng
+ }
+
+ int32_t oldLength = length();
+- int32_t newLength = oldLength + srcLength;
++ int32_t newLength;
++ if (uprv_add32_overflow(oldLength, srcLength, &newLength)) {
++ setToBogus();
++ return *this;
++ }
+
+ // Check for append onto ourself
+ const UChar* oldArray = getArrayStart();
diff -Nru icu-63.1/debian/patches/series icu-63.1/debian/patches/series
--- icu-63.1/debian/patches/series 2018-11-07 18:15:15.000000000 +0000
+++ icu-63.1/debian/patches/series 2020-03-13 18:49:31.000000000 +0000
@@ -5,3 +5,4 @@
 layout-test-fix.patch
 ICU-20246_Fixing_another_integer_overflow_in_number_parsing.patch
 ICU-20208_uspoof.cpp_function_checkImpl_should_be_static.patch
+CVE-2020-10531.patch
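Review bot: The new patch file carries only the upstream git header and no DEP-3 metadata, so nothing in the file itself records the Debian bug or that the change is already applied upstream; adding `Origin: upstream, commit b7d08bc04a4296982fcef8b6b8a354a9e4e7afca` and `Bug-Debian: https://bugs.debian.org/953747` above the upstream header would make the backport traceable without reading debian/changelog. The inner hunk calls `uprv_add32_overflow` without adding an include to `source/common/unistr.cpp`; upstream's diffstat shows only this six-line change, so the helper is presumably reachable through a header that file already includes, but since this is a backport to the older 63.1 tree that is worth confirming with a build rather than assumed. On overflow the patched code calls `setToBogus()` and returns, so an oversized append now yields a bogus string instead of the SEGV_MAPERR the CVE describes; that matches upstream, but callers that never check `isBogus()` will carry on with a string that presumably behaves as empty, which is worth noting for anyone triaging related crash reports. `UnicodeString::doAppend` begins and continues outside the hunk, so the capacity check that consumes `newLength` is not visible here.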