[Bug 239563] x11-toolkits/pango vulnerable
bugzilla-noreply at freebsd.org
Thu Jul 23 18:35:11 UTC 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=239563
--- Comment #5 from commit-hook at FreeBSD.org ---
A commit references this bug:
Author: joneum
Date: Thu Jul 23 18:34:50 UTC 2020
New revision: 542951
URL: https://svnweb.freebsd.org/changeset/ports/542951
Log:
SECURITY UPDATE: Buffer overflow
Gnome Pango 1.42 and later is affected by: Buffer Overflow. The impact is:
The heap-based buffer overflow can be used to get code execution. The component
is: function name: pango_log2vis_get_embedding_levels, assignment of nchars and
the loop condition. The attack vector is: The bug can be used when an application
passes invalid UTF-8 strings to functions like pango_itemize.
PR: 239563
Reported by: Miyashita Touka <imagin8r at protonmail.com>
Approved by: gnome (maintainer timeout)
MFH: 2020Q3
Security: 456375e1-cd09-11ea-9172-4c72b94353b5
Sponsored by: Netzkommune GmbH
Changes:
head/x11-toolkits/pango/Makefile
head/x11-toolkits/pango/files/CVE-20191010238
--
You are receiving this mail because:
You are the assignee for the bug.