January 2011 - fonts-bugs - Fedora Mailing-Lists

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 --- Comment #10 from Behdad Esfahbod <behdad(a)fedoraproject.org> 2011-01-21 14:36:58 EST --- Also note that no one uses the PangoFT2 fontmap, except for maybe the GIMP and possibly old Inkscape. It's NOT used in GTK+ rendering or Firefox, etc. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 --- Comment #9 from Josh Bressers (Security Response Team) <bressers(a)redhat.com> 2011-01-21 13:53:34 EST --- Created pango tracking bugs for this issue Affects: fedora-all [bug 671123] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 Josh Bressers (Security Response Team) <bressers(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |671527 Depends on| |671528 Depends on| |671529 Depends on| |671530 Depends on| |671531 Depends on| |671532 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 Josh Bressers (Security Response Team) <bressers(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard|public=20110118,reported=20 |public=20110118,reported=20 |110118,source=osssecurity,i |110118,source=osssecurity,i |mpact=moderate,cvss2=5.1/AV |mpact=moderate,cvss2=5.1/AV |:N/AC:H/Au:N/C:P/I:P/A:P/,r |:N/AC:H/Au:N/C:P/I:P/A:P/,r |hel-5/pango=notaffected,rhe |hel-5/pango=affected,rhel-6 |l-6/pango=notaffected,fedor |/pango=affected,fedora-all/ |a-all/pango=affected/cvss2= |pango=affected/cvss2=5.1/AV |5.1/AV:N/AC:H/Au:N/C:P/I:P/ |:N/AC:H/Au:N/C:P/I:P/A:P,rh |A:P |el-4/pango=notaffected Status Whiteboard| |rhel-4/evolution28-pango=af | |fected -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 --- Comment #6 from Josh Bressers (Security Response Team) <bressers(a)redhat.com> 2011-01-21 13:43:17 EST --- I've looked over how pango is used in Red Hat Enterprise Linux. I do not believe this poses a significant risk. Nothing that uses pango for layout will accept arbitrary font input. Since this bug needs a malformed font, user interaction will be needed to exploit this flaw. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 --- Comment #5 from Josh Bressers (Security Response Team) <bressers(a)redhat.com> 2011-01-21 13:42:03 EST --- This flaw does not affect RHEL4. The code in question does not exist in that version of Pango. This flaw should affect evolution28-pango on RHEL4 and pango on RHEL 5 and RHEL 6. The public reproducer does not work, as a different codepath is exercised than on systems that crash, but the faulty arithmetic is there. There are many possible codepaths that can exercise this bug. -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Issue 113586] Unable to get correct version of OpenSymbol

by is＠openoffice.org

To comment on the following update, log in, then open the issue: http://www.openoffice.org/issues/show_bug.cgi?id=113586 User is changed the following: What |Old value |New value ================================================================================ Target milestone|OOo 3.4 |OOo 3.x -------------------------------------------------------------------------------- ------- Additional comments from is(a)openoffice.org Fri Jan 21 11:21:35 +0000 2011 ------- Setting target 3.x --------------------------------------------------------------------- Please do not reply to this automatically generated notification from Issue Tracker. Please log onto the website and enter your comments. http://qa.openoffice.org/issue_handling/project_issues.html#notification

12 years, 2 months

1
0
0 / 0

[Bug 671122] CVE-2011-0020 pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|pango: Heap-based buffer |CVE-2011-0020 pango: |overflow by rendering glyph |Heap-based buffer overflow |box for certain FT_Bitmap |by rendering glyph box for |objects |certain FT_Bitmap objects Alias| |CVE-2011-0020 --- Comment #4 from Huzaifa S. Sidhpurwala <huzaifas(a)redhat.com> 2011-01-21 01:03:10 EST --- This has been assigned CVE-2011-0020 -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 Josh Bressers (Security Response Team) <bressers(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |bressers(a)redhat.com -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

[Bug 671122] pango: Heap-based buffer overflow by rendering glyph box for certain FT_Bitmap objects

by Red Hat Bugzilla

Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=671122 Jan Lieskovsky <jlieskov(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |671123 --- Comment #2 from Jan Lieskovsky <jlieskov(a)redhat.com> 2011-01-20 08:01:33 EST --- Created pango tracking bugs for this issue Affects: fedora-all [bug 671123] -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.

12 years, 2 months

1
0
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs January 2011