https://bugzilla.redhat.com/show_bug.cgi?id=2036820
--- Comment #6 from Parag Nemade <pnemade(a)redhat.com> ---
Yesterday I spend good amount of time on this CVE issue and concluded that
those Feodra/RHEL releases which have only harfbuzz-2.9.0 build are affected.
So actually No Fedora release is affected by this CVE.
The code got introduced and fixed between 2.9.0 to 2.9.1 upstream release.
So this CVE is actually NOTABUG.
--
You are receiving this mail because:
You are on the CC list for the bug.
https://bugzilla.redhat.com/show_bug.cgi?id=2036820