user release.debian....@packages.debian.org usertag 610792 + squeeze-can-defer tag 610792 + squeeze-ignore thanks
On Sat, January 22, 2011 14:32, Moritz Muehlenhoff wrote: > Package: pango1.0 > Severity: grave > Tags: security > > Discovered by Dan Rosenberg an posted to oss-security: > > "When used with FreeType2 as a backend, Pango is vulnerable to heap > corruption when rendering malformed fonts. The vulnerability occurs in > pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer > is malloc'd with size box->bitmap.rows * box->bitmap.pitch. > Subsequently, 0xff is written at offsets into this buffer without > checking that these offsets fall within the buffer's boundaries, > leading to heap corruption." This can be fixed via a security update after the release if required; tagging as not a blocker for 6.0.0. Regards, Adam -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
