1. Forum
  2. Usenet
  3. LINUX.DEBIAN.ANNOUNCE.SEC

  • [SECURITY] [DSA 4496-1] pango1.0 security update

    From Salvatore Bonaccorso@1:229/2 to All on Sun Aug 11 17:20:01 2019
    From: [email protected]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA512

    - ------------------------------------------------------------------------- Debian Security Advisory DSA-4496-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019 https://www.debian.org/security/faq
    - -------------------------------------------------------------------------

    Package : pango1.0
    CVE ID : CVE-2019-1010238
    Debian Bug : 933860

    Benno Fuenfstueck discovered that Pango, a library for layout and
    rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of
    service or potentially the execution of arbitrary code.

    For the stable distribution (buster), this problem has been fixed in
    version 1.42.4-7~deb10u1.

    We recommend that you upgrade your pango1.0 packages.

    For the detailed security status of pango1.0 please refer to its
    security tracker page at:
    https://security-tracker.debian.org/tracker/pango1.0

    Further information about Debian Security Advisories, how to apply
    these updates to your system and frequently asked questions can be
    found at: https://www.debian.org/security/

    Mailing list: [email protected]
    -----BEGIN PGP SIGNATURE-----

    iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1QMblfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TNuhAAhi1fZW2f4T30VPfIfGdbZgGW+gO/1TH3eAqQXisy2ga4p5RJTIuNVUjx mjD7FqYlrxuaAMuqqkCOEGTZIa8RVswjttcnsPZ+u9U8XhEWdbWy0iLq9+Ukkk2k /bp5uHI1MCpG9pHY/cb2VKmK9XpBBZcykhR6fhoRgOt1MW/Qnmn+aNvGzfcSJugc ZGziyvJ8FmVAqNpkuaiCTSbbx815LiZgd784X9VdN4hjso5uQfZfVSjwOVkXLnG2 oInrlP2GxKBptJAKtxe/Uzc1Bx6j7Q2iXUQPZ1O7d4e8/G7Knbsvub89eQSwJmHW SmP//xLtmlq3bJGACekLs1cJgajLs7kfKxp+DI/Ar1PMZt3F5muMWTUSx1u33v9E JiQD9q63Yhe8fAtPeFkb8HMu5fjYUCJ8fSEVs6bf0P2Ccy5hfZbsjs71YCUw+ddC Pj2OFs5vFjOh8/Jr7bPHsmCiN+j4GKzHyOGdYxJcX7I62CVZDcJ27PXcbxpqEaj+ cxJ4oHdBz5L+LQUC4EoSIpCzv2Bt81xdibTUmx19sqTn5KdVl0H04PZoqstBYKwo nzkouQd899moTQF33ECymphvrqGAx/ko6n/11w7QoY1EdTSuwTxyXOayu8I3NqGi XKAKJyQJ7xEmwXIAvO25ZJLNO1d7p0pz7ij56BKYSnwb1xhYoek=
    =66S5
    -----END PGP SIGNATURE-----

    --- SoupGate-Win32 v1.05
    * Origin: you cannot sedate... all the things you hate (1:229/2)