package: pango
severity: grave
tags: security

Hi,
The following CVE (Common Vulnerabilities & Exposures) id was published for pango1.0.

CVE-2009-1194[0]:
|Pango is a library for laying out and rendering text, with an emphasis
|on internationalization. Pango suffers from a multiplicative integer
|overflow which may lead to a potentially exploitable, heap overflow
|depending on the calling conditions. For example, this vulnerability is
|remotely reachable in Firefox by creating an overly large
|document.location value but only results in a process-terminating,
|allocation error (denial of service).
|
|The affected function is pango_glyph_string_set_size. An overflow check
|when doubling the size neglects the overflow possible on the subsequent
|allocation:
|
|  string->glyphs = g_realloc (string->glyphs, string->space *
|                              sizeof (PangoGlyphInfo));
|
|Note that other font rendering subsystems suffer from similar issues and
|should be cross-checked by maintainers.

Please coordinate with the security team (t...@security.debian.org) to prepare updates for the stable releases.

See also USN-773-1 [1].

If you fix the vulnerability please also make sure to include the CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1194
    http://security-tracker.debian.net/tracker/CVE-2009-1194
[1] http://www.ubuntu.com/usn/USN-773-1
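Added example (not part of the report above and not Pango's source): the allocation pattern the CVE text describes, with the size multiplication modelled in 32-bit arithmetic next to a checked growth routine. The `glyph_info` layout and every function name here are assumptions chosen for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdlib.h>

/* Stand-in for PangoGlyphInfo; the 20-byte layout is an assumption. */
typedef struct { uint32_t glyph; int32_t geom[3]; uint32_t attr; } glyph_info;
typedef struct { glyph_info *glyphs; int num_glyphs; int space; } glyph_buf;

/* The flagged multiplication, modelled with 32-bit size arithmetic:
 * the product wraps, so a block smaller than needed is requested. */
uint32_t alloc_bytes_unchecked32(uint32_t space)
{
    return space * (uint32_t)sizeof(glyph_info);
}

/* Checked multiplication: reports failure instead of wrapping. */
int alloc_bytes_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return -1;
    *out = count * elem;
    return 0;
}

/* Grow by doubling, checking both the doubling and the byte count.
 * Returns 0, or -1 (buffer unchanged) on overflow or allocation failure. */
int glyph_buf_set_size(glyph_buf *b, int new_len)
{
    int space = b->space;
    size_t bytes;
    if (new_len < 0)
        return -1;
    while (new_len > space) {
        if (space > INT_MAX / 2)
            return -1;                 /* doubling would overflow int */
        space = space ? space * 2 : 1;
    }
    if (space != b->space) {
        void *p;
        if (alloc_bytes_checked((size_t)space, sizeof(glyph_info), &bytes) != 0)
            return -1;                 /* space * sizeof would overflow */
        if ((p = realloc(b->glyphs, bytes)) == NULL)
            return -1;
        b->glyphs = p;
        b->space = space;
    }
    b->num_glyphs = new_len;
    return 0;
}
```

With a 32-bit size type, 0x10000000 elements of 20 bytes need 0x140000000 bytes, but the unchecked product truncates to 0x40000000, which is the undersized allocation the report warns about.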