[Bug 1613550] CVE-2018-15120 pango: application crash triggered by unicode chars in pango-emoji.c
https://bugzilla.redhat.com/show_bug.cgi?id=1613550
Laura Pardo lpardo@redhat.com changed:
What |Removed |Added ---------------------------------------------------------------------------- Group|security, qe_staff | CC| |alexl@redhat.com, | |fonts-bugs@lists.fedoraproj | |ect.org, | |i18n-bugs@lists.fedoraproje | |ct.org, | |john.j5live@gmail.com, | |mclasen@redhat.com, | |rhughes@redhat.com, | |rstrode@redhat.com, | |sandmann@redhat.com, | |tagoh@redhat.com Fixed In Version| |pango 1.42.4 Summary|EMBARGOED CVE-2018-15120 |CVE-2018-15120 pango: |pango: application crash |application crash triggered |triggered by unicode chars |by unicode chars in |in pango-emoji.c |pango-emoji.c Whiteboard|impact=moderate,reported=20 |impact=moderate,public=2018 |180807,source=upstream,cvss |0820,reported=20180807,sour |3=4/CVSS:3.0/AV:L/AC:L/PR:N |ce=upstream,cvss3=4/CVSS:3. |/UI:N/S:U/C:N/I:N/A:L,cwe=C |0/AV:L/AC:L/PR:N/UI:N/S:U/C |WE-617,openshift-enterprise |:N/I:N/A:L,cwe=CWE-617,open |-3/pango=new,fedora-all/pan |shift-enterprise-3/pango=ne |go=affected,rhel-6/pango=no |w,fedora-all/pango=affected |taffected,rhel-8/pango=affe |,rhel-6/pango=notaffected,r |cted,rhel-7/pango=notaffect |hel-8/pango=affected,rhel-7 |ed,rhel-5/pango=notaffected |/pango=notaffected,rhel-5/p | |ango=notaffected
--- Comment #2 from Laura Pardo lpardo@redhat.com --- References: https://mail.gnome.org/archives/distributor-list/2018-August/msg00001.html
Upstream patch: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0...
fonts-bugs@lists.fedoraproject.org
-
bugzilla@redhat.com