https://bugzilla.redhat.com/show_bug.cgi?id=1737785
Bug ID: 1737785
Summary: CVE-2019-1010238 pango: heap based buffer overflow can
be used to get code execution
Product: Security Response
Hardware: All
OS: Linux
Status: NEW
Component: vulnerability
Keywords: Security
Severity: high
Priority: high
Assignee: security-response-team(a)redhat.com
Reporter: mrehak(a)redhat.com
CC: caillon+fedoraproject(a)gmail.com,
eng-i18n-bugs(a)redhat.com,
fonts-bugs(a)lists.fedoraproject.org,
gnome-sig(a)lists.fedoraproject.org,
i18n-bugs(a)lists.fedoraproject.org,
john.j5live(a)gmail.com, mclasen(a)redhat.com,
pwu(a)redhat.com, rhughes(a)redhat.com,
rstrode(a)redhat.com, sandmann(a)redhat.com,
tagoh(a)redhat.com
Target Milestone: ---
Classification: Other
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is: The
heap based buffer overflow can be used to get code execution. The component is:
function name: pango_log2vis_get_embedding_levels, assignment of nchars and the
loop condition. The attack vector is: The bug can be used when an application
passes invalid UTF-8 strings to functions like pango_itemize.
External References:
https://packetstormsecurity.com/files/153838/USN-4081-1.txt
--
You are receiving this mail because:
You are on the CC list for the bug.
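For the attack vector named in bug 1737785 above (invalid UTF-8 reaching functions like pango_itemize), a caller-side check that refuses malformed input before it gets to the layout code. This is an added example, not code from Pango or from the bug report; utf8_valid_prefix and text_ok_for_layout are hypothetical names, and the sample strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Offset of the first byte that breaks UTF-8 well-formedness, or len if the
 * whole buffer is valid (no overlongs, surrogates, values above U+10FFFF,
 * stray continuation bytes or sequences cut off by the end of the buffer). */
size_t utf8_valid_prefix(const unsigned char *s, size_t len)
{
    size_t i = 0;
    while (i < len) {
        unsigned char b = s[i];
        size_t need;            /* continuation bytes expected */
        unsigned long cp, min;  /* decoded value, smallest non-overlong value */

        if (b < 0x80) { i++; continue; }
        if ((b & 0xE0) == 0xC0)      { need = 1; cp = b & 0x1F; min = 0x80; }
        else if ((b & 0xF0) == 0xE0) { need = 2; cp = b & 0x0F; min = 0x800; }
        else if ((b & 0xF8) == 0xF0) { need = 3; cp = b & 0x07; min = 0x10000; }
        else return i;                      /* stray continuation or 0xF8+ */

        if (len - i - 1 < need) return i;   /* truncated at end of buffer */
        for (size_t k = 1; k <= need; k++) {
            if ((s[i + k] & 0xC0) != 0x80) return i;
            cp = (cp << 6) | (s[i + k] & 0x3F);
        }
        if (cp < min || cp > 0x10FFFF || (cp >= 0xD800 && cp <= 0xDFFF))
            return i;
        i += need + 1;
    }
    return len;
}

/* Hypothetical caller-side gate: nonzero only if every byte is valid UTF-8.
 * GLib-based code would call g_utf8_validate() here instead. */
int text_ok_for_layout(const char *text, size_t len)
{
    return utf8_valid_prefix((const unsigned char *)text, len) == len;
}

int main(void)
{
    /* Constructed samples: valid text, then a 3-byte sequence cut short. */
    const char good[] = "caf\xC3\xA9", bad[] = "ab\xE2\x82";
    printf("good: %d\n", text_ok_for_layout(good, sizeof good - 1));
    printf("bad:  %d (first invalid byte at %zu)\n",
           text_ok_for_layout(bad, sizeof bad - 1),
           utf8_valid_prefix((const unsigned char *)bad, sizeof bad - 1));
    return 0;
}
```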
https://bugzilla.redhat.com/show_bug.cgi?id=1258542
Petr Pisar <ppisar(a)redhat.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |ASSIGNED
CC| |ppisar(a)redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1814349
Parag Nemade <pnemade(a)redhat.com> changed:
What            |Removed  |Added
----------------------------------------------------------------------------
Status          |ASSIGNED |CLOSED
Fixed In Version|         |ht-caladea-fonts-1.001-2.git336a529.fc33
Resolution      |---      |NEXTRELEASE
Last Closed     |         |2020-04-28 17:22:20
https://bugzilla.redhat.com/show_bug.cgi?id=1814349
Parag Nemade <pnemade(a)redhat.com> changed:
What   |Removed |Added
----------------------------------------------------------------------------
Summary|Rename Request: google-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family |Rename Request: ht-caladea-fonts - Caladea, a serif font family metric-compatible with Cambria font family
--- Comment #12 from Parag Nemade <pnemade(a)redhat.com> ---
I am sorry for not changing this review request bug summary. I am going to
retire google-caladea-fonts now and will request again new ht-caladea-fonts
package request.
https://bugzilla.redhat.com/show_bug.cgi?id=1825183
--- Comment #5 from Parag Nemade <pnemade(a)redhat.com> ---
Thank you, I understood this font family packaging now.
https://bugzilla.redhat.com/show_bug.cgi?id=1825183
--- Comment #4 from Nicolas Mailhot <nicolas.mailhot(a)laposte.net> ---
Hi Parag
spec cleanliness aside (and I don’t pretend to be a CJK expert) I think Akira
is right, we’re not in presence of two font families, but a single one, split
over two files to work around the OpenType per-file glyph number limit. And that
will work fine because fontconfig will merge the files as a single family.
While
  fc-scan -f "%{family[0]};%{style[0]};%{fullname[0]};%{width};%{weight};%{slant};%{fontversion};%{file}\n" \
    /usr/share/fonts/clm-* \
    | sort -t ';' -k1,1d -k4,4n -k5,5n -k6,6n -k2,2d -k7,7dr \
    | uniq | column --separator ';' -t
is horrible from a usability POV, its results are useful
https://bugzilla.redhat.com/show_bug.cgi?id=1823637
--- Comment #10 from Akira TAGOH <tagoh(a)redhat.com> ---
(In reply to Hans Ulrich Niedermann from comment #8)
> I have removed the terminus-fonts package, and automagically the
> gnome-terminal terminal and the gnome-terminal font selection dialog have
> changed to stop including terminus. After re-installing the terminus-fonts
> package, both have automagically started showing terminus fonts again. This
> behaviour is the same both with the older terminus-fonts-4.48-3.fc32.noarch
> package (with updates-testing disabled) and (with updates-testing enabled)
> the newer terminus-fonts-4.48-5.fc32.noarch package.
Right. That should work on WS, and is off topic for this issue and misled
by comment #1. Please ignore it.
> However, nobody needs to select those broken italic version from the font
> selection box, as the fonts actually provided by terminus-fonts are in
> perfect working order. The user experience is certainly better if you
> install "terminus-fonts" if you want to use the Terminus font inside, say,
> your gnome-terminal and emacs, and just ignore the obviously broken italic
> font variant. The alternative is a separate package with legacy fonts for
> Emacs, and the user having to find out about actually needing the legacy
> variant package, then installing that legacy variant package in addition to
> the standard one to have Terminus for both gnome-terminal and Emacs, and
> then they see the broken italic font variants in the gnome-terminal font
> selection dialog again.
Right. In that sense, applications which are going to deal with unsupported
formats should ignore them in their code to query fonts, in general at least.
(In reply to Hans Ulrich Niedermann from comment #9)
> So... is this actually just a duplicate of
> <https://bugzilla.redhat.com/show_bug.cgi?id=1750891>?
No, I don't think so.