Date: Thu, 24 Sep 2020 18:10:34 +0000 From: "Tobias Kortkamp" <tobik@FreeBSD.org> To: "Jochen Neumeister" <joneum@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, desktop@FreeBSD.org Subject: Re: svn commit: r542951 - in head/x11-toolkits/pango: . files Message-ID: <1459968b-5630-4053-9d83-ae4e0f77957c@www.fastmail.com> In-Reply-To: <202007231834.06NIYopt071450@repo.freebsd.org> References: <202007231834.06NIYopt071450@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jul 23, 2020, at 18:34, Jochen Neumeister wrote: > Author: joneum > Date: Thu Jul 23 18:34:50 2020 > New Revision: 542951 > URL: https://svnweb.freebsd.org/changeset/ports/542951 > > Log: > SECURITY UPDATE: Buffer overflow > > Gnome Pango 1.42 and later is affected by: Buffer Overflow. The > impact is: The heap based buffer overflow can be used to get code > execution. The component is: function name: > pango_log2vis_get_embedding_levels, assignment of nchars and the loop > condition. The attack vector is: Bug can be used when application pass > invalid utf-8 strings to functions like pango_itemize. > > PR: 239563 > Reported by: Miyashita Touka <imagin8r@protonmail.com> > Approved by: gnome (maintainer timeout) > MFH: 2020Q3 > Security: 456375e1-cd09-11ea-9172-4c72b94353b5 > Sponsored by: Netzkommune GmbH > > Added: > head/x11-toolkits/pango/files/CVE-20191010238 (contents, props changed) > Modified: > head/x11-toolkits/pango/Makefile > > Modified: head/x11-toolkits/pango/Makefile > ============================================================================== > --- head/x11-toolkits/pango/Makefile Thu Jul 23 18:34:47 2020 (r542950) > +++ head/x11-toolkits/pango/Makefile Thu Jul 23 18:34:50 2020 (r542951) > @@ -3,7 +3,7 @@ > > PORTNAME= pango > PORTVERSION= 1.42.4 > -PORTREVISION= 3 > +PORTREVISION= 4 > CATEGORIES= x11-toolkits > MASTER_SITES= GNOME > DIST_SUBDIR= gnome2 > > Added: head/x11-toolkits/pango/files/CVE-20191010238 > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/x11-toolkits/pango/files/CVE-20191010238 Thu Jul 23 18:34:50 > 2020 (r542951) > @@ -0,0 +1,16 @@ > +--- ../pango/pango-bidi-type.c.orig 2020-07-23 19:10:14.338937000 +0200 > ++++ ../pango/pango-bidi-type.c 2020-07-23 19:12:15.511836000 +0200 > +@@ -179,8 +179,11 @@ pango_log2vis_get_embedding_levels (const gchar > *te > + for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), > i++) > + { > + gunichar ch = g_utf8_get_char (p); > +- FriBidiCharType char_type; > +- char_type = fribidi_get_bidi_type (ch); > ++ FriBidiCharType char_type = fribidi_get_bidi_type (ch); > ++ > ++ if (i == n_chars) > ++ break; > ++ > + bidi_types[i] = char_type; > + ored_types |= char_type; > + if (FRIBIDI_IS_STRONG (char_type)) The port is still vulnerable: files/CVE-20191010238 has no 'patch-' prefix so is never applied by the framework. How did this pass review?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1459968b-5630-4053-9d83-ae4e0f77957c>