Bug#610792: marked as done (CVE-2011-0020: heap corruption in libpango)

[Debian Bug Tracking System]

Your message dated Mon, 24 Jan 2011 22:05:04 +0000
with message-id <e1phux2-0001g8...@franck.debian.org>
and subject line Bug#610792: fixed in pango1.0 1.28.3-1+squeeze1
has caused the Debian Bug report #610792,
regarding CVE-2011-0020: heap corruption in libpango
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
610792: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610792
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: pango1.0
Severity: grave
Tags: security

Discovered by Dan Rosenberg an posted to oss-security:

"When used with FreeType2 as a backend, Pango is vulnerable to heap
corruption when rendering malformed fonts. The vulnerability occurs in
pango_ft2_font_render_box_glyph() in pango/pangoft2-render.c. A buffer
is malloc'd with size box->bitmap.rows * box->bitmap.pitch.
Subsequently, 0xff is written at offsets into this buffer without
checking that these offsets fall within the buffer's boundaries,
leading to heap corruption."

-Dan

[1] https://bugs.launchpad.net/ubuntu/+source/pango1.0/+bug/696616

-- System Information:
Debian Release: 6.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

--- End Message ---

--- Begin Message ---

Source: pango1.0
Source-Version: 1.28.3-1+squeeze1

We believe that the bug you reported is fixed in the latest version of
pango1.0, which is due to be installed in the Debian FTP archive:

libpango1.0-0-dbg_1.28.3-1+squeeze1_amd64.deb
  to main/p/pango1.0/libpango1.0-0-dbg_1.28.3-1+squeeze1_amd64.deb
libpango1.0-0_1.28.3-1+squeeze1_amd64.deb
  to main/p/pango1.0/libpango1.0-0_1.28.3-1+squeeze1_amd64.deb
libpango1.0-common_1.28.3-1+squeeze1_all.deb
  to main/p/pango1.0/libpango1.0-common_1.28.3-1+squeeze1_all.deb
libpango1.0-dev_1.28.3-1+squeeze1_amd64.deb
  to main/p/pango1.0/libpango1.0-dev_1.28.3-1+squeeze1_amd64.deb
libpango1.0-doc_1.28.3-1+squeeze1_all.deb
  to main/p/pango1.0/libpango1.0-doc_1.28.3-1+squeeze1_all.deb
libpango1.0-udeb_1.28.3-1+squeeze1_amd64.udeb
  to main/p/pango1.0/libpango1.0-udeb_1.28.3-1+squeeze1_amd64.udeb
pango1.0_1.28.3-1+squeeze1.diff.gz
  to main/p/pango1.0/pango1.0_1.28.3-1+squeeze1.diff.gz
pango1.0_1.28.3-1+squeeze1.dsc
  to main/p/pango1.0/pango1.0_1.28.3-1+squeeze1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 610...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Josselin Mouette <j...@debian.org> (supplier of updated pango1.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Mon, 24 Jan 2011 21:39:46 +0100
Source: pango1.0
Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev 
libpango1.0-0-dbg libpango1.0-doc
Architecture: source all amd64
Version: 1.28.3-1+squeeze1
Distribution: unstable
Urgency: low
Maintainer: Sebastien Bacher <seb...@debian.org>
Changed-By: Josselin Mouette <j...@debian.org>
Description: 
 libpango1.0-0 - Layout and rendering of internationalized text
 libpango1.0-0-dbg - The Pango library and debugging symbols
 libpango1.0-common - Modules and configuration files for the Pango
 libpango1.0-dev - Development files for the Pango
 libpango1.0-doc - Documentation files for the Pango
 libpango1.0-udeb - Layout and rendering of internationalized text - minimal 
runtime (udeb)
Closes: 610792
Changes: 
 pango1.0 (1.28.3-1+squeeze1) unstable; urgency=low
 .
   * 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
     corruption. Closes: #610792, CVE-2011-0020. LP: #696616.
Checksums-Sha1: 
 324783198df78ca9fe4c08f2656ee098d4568c78 1700 pango1.0_1.28.3-1+squeeze1.dsc
 1e9d6717b7943610564a4406408085f0a703772f 36852 
pango1.0_1.28.3-1+squeeze1.diff.gz
 24e8a62654b2d8208c61ba1641d7dcba9982cd06 114342 
libpango1.0-common_1.28.3-1+squeeze1_all.deb
 dfaac3510e0fecc593490b394bf24d971bec760e 343336 
libpango1.0-doc_1.28.3-1+squeeze1_all.deb
 0aaaceff2758197cccbc0b73c458c4e1dcfcc509 332262 
libpango1.0-0_1.28.3-1+squeeze1_amd64.deb
 ce51f8241f01a1ce912ae3290ca41e33ceb9c2d5 304844 
libpango1.0-udeb_1.28.3-1+squeeze1_amd64.udeb
 dbf6d7f71112321a448c7034c48a73f634dc8a76 420230 
libpango1.0-dev_1.28.3-1+squeeze1_amd64.deb
 661d0742d1a0472eb5367dafc1203adeaaa18dcc 866516 
libpango1.0-0-dbg_1.28.3-1+squeeze1_amd64.deb
Checksums-Sha256: 
 f7baa2c484b75ddaf4f4119c7c783faa2760100c604e823fdc01badabe469ac0 1700 
pango1.0_1.28.3-1+squeeze1.dsc
 68c8549874bed2298a5ab9a32e67f4412d1891f430d4fb4c9eb369df47713887 36852 
pango1.0_1.28.3-1+squeeze1.diff.gz
 fa41c19b6692bb5e81ee6ded4acbf28e4e628a0f4bf15e33466cfaa4c61f4816 114342 
libpango1.0-common_1.28.3-1+squeeze1_all.deb
 ebfcfd9d02d27fd71fe598c188c679dd16ffc5d74b756ff07b182f177fe4d25d 343336 
libpango1.0-doc_1.28.3-1+squeeze1_all.deb
 709250dfd6d971d069592ad42b85c42109b05c7465ef4103d61b500ffa812333 332262 
libpango1.0-0_1.28.3-1+squeeze1_amd64.deb
 808d4b340517086276f4885f61cc19979a40b67c698fb8cfad5475f49906ca78 304844 
libpango1.0-udeb_1.28.3-1+squeeze1_amd64.udeb
 df61cc6d59b8a5e78ed1a852ede4731c50c539f5e02708cc810be70916bb180b 420230 
libpango1.0-dev_1.28.3-1+squeeze1_amd64.deb
 c6b8854ba3815e70da9f853543393741f4b75aa41e079fb65293356b38ae6e54 866516 
libpango1.0-0-dbg_1.28.3-1+squeeze1_amd64.deb
Files: 
 a1b8764b64a53a5510f241788e86ae3b 1700 libs optional 
pango1.0_1.28.3-1+squeeze1.dsc
 402929441520f56355f69e7f86dd3c5a 36852 libs optional 
pango1.0_1.28.3-1+squeeze1.diff.gz
 bf1dad61d2578020ebe6db0e2685739d 114342 misc optional 
libpango1.0-common_1.28.3-1+squeeze1_all.deb
 dfdc0d81f4100a8d514568cd9149d978 343336 doc optional 
libpango1.0-doc_1.28.3-1+squeeze1_all.deb
 91519ae1b049d7b633df5affd5bc9d38 332262 libs optional 
libpango1.0-0_1.28.3-1+squeeze1_amd64.deb
 20159696a494e329d962a0652d1027d3 304844 debian-installer optional 
libpango1.0-udeb_1.28.3-1+squeeze1_amd64.udeb
 3af39b058215a2d07966747c20233fe2 420230 libdevel optional 
libpango1.0-dev_1.28.3-1+squeeze1_amd64.deb
 ba427d06adf0311e1aa2be917569f1c4 866516 debug extra 
libpango1.0-0-dbg_1.28.3-1+squeeze1_amd64.deb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFNPfR9rSla4ddfhTMRAkvOAKDgsCdbGiAPPl5HP7Wg+2iVq8+wzgCgux/A
VXbDYaM4PDHHBBLjC0qVwIM=
=T0jH
-----END PGP SIGNATURE-----

--- End Message ---