Date: Thu, 23 Jul 2020 18:36:13 +0000 From: bugzilla-noreply@freebsd.org To: gnome@FreeBSD.org Subject: [Bug 239563] x11-toolkits/pango vulnerable Message-ID: <bug-239563-6497-9Malfta4IP@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-239563-6497@https.bugs.freebsd.org/bugzilla/> References: <bug-239563-6497@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D239563 --- Comment #6 from commit-hook@FreeBSD.org --- A commit references this bug: Author: joneum Date: Thu Jul 23 18:36:07 UTC 2020 New revision: 542952 URL: https://svnweb.freebsd.org/changeset/ports/542952 Log: MFH: r542951 SECURITY UPDATE: Buffer overflow Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The compo= nent is: function name: pango_log2vis_get_embedding_levels, assignment of nchars= and the loop condition. The attack vector is: Bug can be used when application = pass invalid utf-8 strings to functions like pango_itemize. PR: 239563 Reported by: Miyashita Touka <imagin8r@protonmail.com> Approved by: gnome (maintainer timeout) Security: 456375e1-cd09-11ea-9172-4c72b94353b5 Sponsored by: Netzkommune GmbH Approved by: ports-secteam (with hat) Changes: _U branches/2020Q3/ branches/2020Q3/x11-toolkits/pango/Makefile branches/2020Q3/x11-toolkits/pango/files/CVE-20191010238 --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-239563-6497-9Malfta4IP>