April 2020 - fonts-bugs - Fedora Mailing-Lists

[Bug 1737785] New: CVE-2019-1010238 pango: heap based buffer overflow can be used to get code execution

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1737785 Bug ID: 1737785 Summary: CVE-2019-1010238 pango: heap based buffer overflow can be used to get code execution Product: Security Response Hardware: All OS: Linux Status: NEW Component: vulnerability Keywords: Security Severity: high Priority: high Assignee: security-response-team(a)redhat.com Reporter: mrehak(a)redhat.com CC: caillon+fedoraproject(a)gmail.com, eng-i18n-bugs(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, john.j5live(a)gmail.com, mclasen(a)redhat.com, pwu(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, sandmann(a)redhat.com, tagoh(a)redhat.com Target Milestone: --- Classification: Other Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The heap based buffer overflow can be used to get code execution. The component is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and the loop condition. The attack vector is: Bug can be used when application pass invalid utf-8 strings to functions like pango_itemize. External References: https://packetstormsecurity.com/files/153838/USN-4081-1.txt -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
32
0 / 0

[Bug 1258542] Review Request: hack-fonts - A typeface designed for source code

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1258542 Petr Pisar <ppisar(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |ASSIGNED CC| |ppisar(a)redhat.com -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1814349] Rename Request: ht-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family

by bugzilla＠redhat.com

4 years

1
0
0 / 0

[Bug 1814349] Rename Request: ht-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1814349 --- Comment #13 from Igor Gnatenko <i.gnatenko.brain(a)gmail.com> --- (fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/ht-caladea-fonts -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1814349] Rename Request: ht-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1814349 Parag Nemade <pnemade(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Rename Request: |Rename Request: |google-caladea-fonts - |ht-caladea-fonts - Caladea, |Caladea, a serif font |a serif font family |family metric-compatible |metric-compatible with |with Cambria font family |Cambria font family --- Comment #12 from Parag Nemade <pnemade(a)redhat.com> --- I am sorry for not changing this review request bug summary. I am going to retire google-caladea-fonts now and will request again new ht-caladea-fonts package request. -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1825183] Review Request: hanamin-fonts - Japanese Mincho-typeface TrueType font

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1825183 --- Comment #5 from Parag Nemade <pnemade(a)redhat.com> --- Thank you, I understood this font family packaging now. -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1825183] Review Request: hanamin-fonts - Japanese Mincho-typeface TrueType font

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1825183 --- Comment #4 from Nicolas Mailhot <nicolas.mailhot(a)laposte.net> --- Hi Parag spec cleanliness aside (and I don’t pretend to be a CJK expert) I think Akira is right, we’re not in presence of two font families, but a single one, split over two files to workaround the OpenType pre-file glyph number limit. And that will work fine because fontconfig will merge the files as a single family. While fc-scan -f "%{family[0]};%{style[0]};%{fullname[0]};%{width};%{weight};%{slant};%{fontversion};%{file}\n" /usr/share/fonts/clm-* |sort -t ';' -k1,1d -k4,4n -k5,5n -k6,6n -k2,2d -k7,7dr | uniq | column --separator ';' -t is horrible from a usability POW, its results are useful -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1814349] Rename Request: google-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1814349 --- Comment #11 from Gwyn Ciesla <gwync(a)protonmail.com> --- (fedscm-admin): The Pagure repository was created at https://src.fedoraproject.org/rpms/google-caladea-fonts -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1825183] Review Request: hanamin-fonts - Japanese Mincho-typeface TrueType font

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1825183 Parag Nemade <pnemade(a)redhat.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |pnemade(a)redhat.com --- Comment #3 from Parag Nemade <pnemade(a)redhat.com> --- I thought this can be packaged like this https://download.copr.fedorainfracloud.org/results/pnemade/fedora-review/... -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

[Bug 1823637] Terminus fonts broken after terminus-fonts-4.48-5.fc32.noarch update

by bugzilla＠redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=1823637 --- Comment #10 from Akira TAGOH <tagoh(a)redhat.com> --- (In reply to Hans Ulrich Niedermann from comment #8) > I have removed the terminus-fonts package, and automagically the > gnome-terminal terminal and the gnome-terminal font selection dialog have > changed to stop including terminus. After re-installing the terminus-fonts > package, both have automagically started showing terminus fonts again. This > behaviour is the same both with the older terminus-fonts-4.48-3.fc32.noarch > package (with updates-testing disabled) and (with updates-testing enabled) > the newer terminus-fonts-4.48-5.fc32.noarch package. Right. that should works on WS. and is the off topic for this issue and misled by comment#1. please ignore it. > However, nobody needs to select those broken italic version from the font > selection box, as the fonts actually provided by terminus-fonts are in > perfect working order. The user experience is certainly better if you > install "terminus-fonts" if you want to use the Terminus font inside, say, > your gnome-terminal and emacs, and just ignore the obviously broken italic > font variant. The alternative is a separate package with legacy fonts for > Emacs, and the user having to find out about actually needing the legacy > variant package, then installing that legacy variant package in addition to > the standard one to have Terminus for both gnome-terminal and Emacs, and > then they see the broken italic font variants in the gnome-terminal font > selection dialog again. Right.. In that sense, applications which are going to deal with un-supported format should ignore them in their code to query fonts, in general at least. (In reply to Hans Ulrich Niedermann from comment #9) > So... is this actually just a duplicate of > <https://bugzilla.redhat.com/show_bug.cgi?id=1750891>? No, I don't think so. -- You are receiving this mail because: You are on the CC list for the bug.

4 years

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

fonts-bugs April 2020