Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 26 Sep 2020 18:50:13 +0200
From:      Niclas Zeising <zeising@freebsd.org>
To:        Tobias Kortkamp <tobik@FreeBSD.org>, Jochen Neumeister <joneum@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org, desktop@FreeBSD.org
Subject:   Re: svn commit: r542951 - in head/x11-toolkits/pango: . files
Message-ID:  <1e425ab6-1759-9db1-a2c2-85913a77acbd@freebsd.org>
In-Reply-To: <1459968b-5630-4053-9d83-ae4e0f77957c@www.fastmail.com>
References:  <202007231834.06NIYopt071450@repo.freebsd.org> <1459968b-5630-4053-9d83-ae4e0f77957c@www.fastmail.com>

next in thread | previous in thread | raw e-mail | index | archive | help
On 2020-09-24 20:10, Tobias Kortkamp wrote:
> On Thu, Jul 23, 2020, at 18:34, Jochen Neumeister wrote:
>> Author: joneum
>> Date: Thu Jul 23 18:34:50 2020
>> New Revision: 542951
>> URL: https://svnweb.freebsd.org/changeset/ports/542951
>>
>> Log:
>>    SECURITY UPDATE: Buffer overflow
>>    
>>    Gnome Pango 1.42 and later is affected by: Buffer Overflow. The
>> impact is: The heap based buffer overflow can be used to get code
>> execution. The component is: function name:
>> pango_log2vis_get_embedding_levels, assignment of nchars and the loop
>> condition. The attack vector is: Bug can be used when application pass
>> invalid utf-8 strings to functions like pango_itemize.
>>    
>>    PR:		239563
>>    Reported by:	Miyashita Touka <imagin8r@protonmail.com>
>>    Approved by:	gnome (maintainer timeout)
>>    MFH:		2020Q3
>>    Security:	456375e1-cd09-11ea-9172-4c72b94353b5
>>    Sponsored by:	Netzkommune GmbH
> 
> The port is still vulnerable: files/CVE-20191010238 has no 'patch-'
> prefix so is never applied by the framework.  How did this pass
> review?

This has been fixed in ports r550179, and VuXML has been updated with 
the actual version of pango where this got fixed.
Regards
-- 
Niclas Zeising



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1e425ab6-1759-9db1-a2c2-85913a77acbd>