https://bugzilla.redhat.com/show_bug.cgi?id=2451645
Bug ID: 2451645
Summary: CVE-2026-34085 fontconfig: Fontconfig: Security flaw allows arbitrary code execution or system crash [fedora-all]
Product: Fedora
Version: rawhide
Status: NEW
Whiteboard: {"flaws": ["65df9a0b-8d8a-40c1-a4e1-f6ae7b5cc3e9"]}
Component: fontconfig
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: tagoh(a)redhat.com
Reporter: trathi(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: ajax(a)redhat.com, fonts-bugs(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, mclasen(a)redhat.com, rstrode(a)redhat.com, tagoh(a)redhat.com
Blocks: 2451414 (CVE-2026-34085)
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=2451414
[Bug 2451414] CVE-2026-34085 fontconfig: Fontconfig: Security flaw allows
arbitrary code execution or system crash
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2451645
Report this comment as SPAM: https://bugzilla.redhat.com/enter_bug.cgi?product=Bugzilla&format=report-sp…
https://bugzilla.redhat.com/show_bug.cgi?id=2449666
Bug ID: 2449666
Summary: abattis-cantarell-fonts: update to 0.311
Product: Fedora
Version: 44
Hardware: x86_64
OS: Linux
Status: NEW
Component: abattis-cantarell-fonts
Keywords: Upgrades
Severity: low
Assignee: mclasen(a)redhat.com
Reporter: trkrksn(a)proton.me
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kalevlember(a)gmail.com, mclasen(a)redhat.com, me(a)fale.io, tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
The abattis-cantarell-fonts package in fc44 is significantly behind upstream.
Fedora ships 0.301 (December 2020) while upstream is at 0.311 (January 2026),
skipping four releases:
0.302 — variable font made the default; statics still available
0.303 — PostScript name fix for 0.302
0.310 — ss01 ligature improvements, autohinting fixes, new translations
0.311 — ss01 variant for the "fl" ligature
Upstream release notes for 0.310 include a packagers note:
"I recommend installing only the VF by default to avoid duplicate font
entries (VF and statics have the same family name). When apps have
issues with just the VF, please report them upstream."
Full changelog: https://gitlab.gnome.org/GNOME/cantarell-fonts/-/tags
Thanks
Reproducible: Always
--
https://bugzilla.redhat.com/show_bug.cgi?id=2402600
Bug ID: 2402600
Summary: google-roboto-fonts-3.013 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: google-roboto-fonts
Keywords: FutureFeature, Triaged
Assignee: dtardon(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: davide(a)cavalca.name, dtardon(a)redhat.com, epel-packagers-sig(a)lists.fedoraproject.org, fonts-bugs(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
Releases retrieved: 3.000, 3.001, 3.002, 3.003, 3.004, 3.005, 3.006, 3.007,
3.008, 3.009, 3.010, 3.011, 3.012, 3.013
Upstream release that is considered latest: 3.013
Current version/release in rawhide: 2.138-20.fc43
URL: https://github.com/googlefonts/roboto-3-classic
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/12041/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/google-roboto-fonts
--
https://bugzilla.redhat.com/show_bug.cgi?id=2386191
Bug ID: 2386191
Summary: Bold fonts in KDE Plasma are too bold
Product: Fedora
Version: 42
Hardware: x86_64
OS: Linux
Status: NEW
Component: Fonts
Keywords: Desktop
Severity: medium
Assignee: i18n-bugs(a)lists.fedoraproject.org
Reporter: joshas(a)gmail.com
QA Contact: fonts-bugs(a)lists.fedoraproject.org
Target Milestone: ---
Classification: Fedora
After a clean install of KDE Plasma Desktop, all bold fonts used in KDE
applications, like System Settings or Dolphin, are too bold.
Reproducible: Always
Steps to Reproduce:
1. Install Fedora KDE Plasma Desktop or run live session
2. Open System Settings
3. Notice bold font used in main section titles
Actual Results:
Font is too bold, making it hard to read.
Expected Results:
Standard bold font should be used.
Additional Information:
Disabling the "Noto Sans ()" font from Font Management fixes the issue. Note that
this font has no name in the list.
--
https://bugzilla.redhat.com/show_bug.cgi?id=2426580
Bug ID: 2426580
Summary: CVE-2025-15270 fontforge: FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability [fedora-43]
Product: Fedora
Version: 43
Status: NEW
Whiteboard: {"flaws": ["00427562-0d03-4a8c-a521-e0410b547d7b"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426434
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability
management information. If something is wrong or missing, please contact a
member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent…
--
https://bugzilla.redhat.com/show_bug.cgi?id=2426579
Bug ID: 2426579
Summary: CVE-2025-15270 fontforge: FontForge SFD File Parsing Improper Validation of Array Index Remote Code Execution Vulnerability [fedora-42]
Product: Fedora
Version: 42
Status: NEW
Whiteboard: {"flaws": ["00427562-0d03-4a8c-a521-e0410b547d7b"]}
Component: fontforge
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: pnemade(a)redhat.com
Reporter: saroy(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, kevin(a)scrye.com, pnemade(a)redhat.com
Blocks: 2426434
Target Milestone: ---
Classification: Fedora
Disclaimer: Community trackers are created by Red Hat Product Security team on
a best effort basis. Package maintainers are required to ascertain if the flaw
indeed affects their package, before starting the update process.
The following link provides references to all essential vulnerability
management information. If something is wrong or missing, please contact a
member of PSIRT.
https://spaces.redhat.com/display/PRODSEC/Vulnerability+Management+-+Essent…
--
https://bugzilla.redhat.com/show_bug.cgi?id=2450200
Bug ID: 2450200
Summary: pango-1.57.1 is available
Product: Fedora
Version: rawhide
Status: NEW
Component: pango
Keywords: FutureFeature, Triaged
Assignee: pwu(a)redhat.com
Reporter: upstream-release-monitoring(a)fedoraproject.org
QA Contact: extras-qa(a)fedoraproject.org
CC: fonts-bugs(a)lists.fedoraproject.org, gnome-sig(a)lists.fedoraproject.org, i18n-bugs(a)lists.fedoraproject.org, mclasen(a)redhat.com, pwu(a)redhat.com, rhughes(a)redhat.com, rstrode(a)redhat.com, tagoh(a)redhat.com
Target Milestone: ---
Classification: Fedora
Releases retrieved: 1.57.1
Upstream release that is considered latest: 1.57.1
Current version/release in rawhide: 1.57.0-4.fc45
URL: http://www.pango.org
Please consult the package updates policy before you issue an update to a
stable branch: https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/
More information about the service that created this bug can be found at:
https://docs.fedoraproject.org/en-US/package-maintainers/Upstream_Release_M…
Please keep in mind that with any upstream change, there may also be packaging
changes that need to be made. Specifically, please remember that it is your
responsibility to review the new version to ensure that the licensing is still
correct and that no non-free or legally problematic items have been added
upstream.
Based on the information from Anitya:
https://release-monitoring.org/project/11783/
To change the monitoring settings for the project, please visit:
https://src.fedoraproject.org/rpms/pango