Leo Famulari writes: > * gnu/packages/patches/icu4c-CVE-2020-10531.patch: New file. > * gnu/local.mk (dist_patch_DATA): Add it. > * gnu/packages/icu4c.scm (icu4c)[replacement]: New field. > (icu4c/fixed): New variable. [...] > diff --git a/gnu/packages/patches/icu4c-CVE-2020-10531.patch b/gnu/packages/patches/icu4c-CVE-2020-10531.patch > new file mode 100644 > index 0000000000..e996783e75 > --- /dev/null > +++ b/gnu/packages/patches/icu4c-CVE-2020-10531.patch > @@ -0,0 +1,126 @@ > +Fix CVE-2020-10531: > + > +https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531 > + > +Patch copied from upstream source repository: > + > +https://github.com/unicode-org/icu/commit/b7d08bc04a4296982fcef8b6b8a354a9e4e7afca > + > +From b7d08bc04a4296982fcef8b6b8a354a9e4e7afca Mon Sep 17 00:00:00 2001 > +From: Frank Tang > +Date: Sat, 1 Feb 2020 02:39:04 +0000 > +Subject: [PATCH] ICU-20958 Prevent SEGV_MAPERR in append > + > +See #971 > +--- > + icu4c/source/common/unistr.cpp | 6 ++- > + icu4c/source/test/intltest/ustrtest.cpp | 62 +++++++++++++++++++++++++ > + icu4c/source/test/intltest/ustrtest.h | 1 + > + 3 files changed, 68 insertions(+), 1 deletion(-) I'm not sure if the new test case as well as this git commit header is necessary. IMO it mostly adds noise to the patch. I.e. the whole file could be shortened to 6 lines + your comments at the top. But no strong opinion, there is an argument to be made for preserving upstream commits in their entirety too (I think). So, LGTM either way. Thank you!
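Review bot: In the header of icu4c-CVE-2020-10531.patch, the lines above the embedded upstream commit give only the CVE and commit URLs and do not say what the bug is or which part of the patch is the actual fix. The embedded diffstat shows the functional change is confined to icu4c/source/common/unistr.cpp (6 lines), while the other 63 changed lines are under icu4c/source/test/intltest/. Suggest adding one sentence to the header that names the affected code, which the upstream Subject line already gives as "Prevent SEGV_MAPERR in append". If the test hunks are trimmed, "Patch copied from upstream source repository" should also be reworded to say the file is a subset of that commit, so anyone comparing it against b7d08bc04a4296982fcef8b6b8a354a9e4e7afca knows the difference is intentional.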