CVE-2010-0421: libpangoft2 segfaults on forged font files

Related Vulnerabilities: CVE-2010-0421  

Debian Bug report logs - #574021

Reported by: Moritz Muehlenhoff <jmm@debian.org>

Date: Mon, 15 Mar 2010 18:52:12 UTC

Severity: grave

Tags: security

Fixed in versions 1.26.2-2, pango1.0/1.20.5-5+lenny1

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastien Bacher <seb128@debian.org>:
Bug#574021; Package pango1.0. (Mon, 15 Mar 2010 18:52:15 GMT)


Acknowledgement sent to Moritz Muehlenhoff <jmm@debian.org>:
New Bug report received and forwarded. Copy sent to team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Sebastien Bacher <seb128@debian.org>. (Mon, 15 Mar 2010 18:52:15 GMT)


Message #5 received at submit@bugs.debian.org:

From: Moritz Muehlenhoff <jmm@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2010-0421: libpangoft2 segfaults on forged font files
Date: Mon, 15 Mar 2010 19:49:30 +0100
Package: pango1.0
Severity: grave
Tags: security

The following security issue in Pango was reported by Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0421 

Cheers,
        Moritz

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash




Information forwarded to debian-bugs-dist@lists.debian.org, Sebastien Bacher <seb128@debian.org>:
Bug#574021; Package pango1.0. (Sat, 20 Mar 2010 13:36:03 GMT)


Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>:
Extra info received and forwarded to list. Copy sent to Sebastien Bacher <seb128@debian.org>. (Sat, 20 Mar 2010 13:36:03 GMT)


Message #10 received at 574021@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: 574021@bugs.debian.org
Subject: Patch
Date: Sat, 20 Mar 2010 14:26:33 +0100
Hi,

attached is the debdiff for the lenny version.

Cheers,
Giuseppe.
[pango1.0_1.20.5-5+lenny1.debdiff (text/plain, attachment)]
[signature.asc (application/pgp-signature, attachment)]

Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Mon, 22 Mar 2010 07:54:35 GMT)


Notification sent to Moritz Muehlenhoff <jmm@debian.org>:
Bug acknowledged by developer. (Mon, 22 Mar 2010 07:54:35 GMT)


Message #15 received at 574021-close@bugs.debian.org:

From: Giuseppe Iuculano <iuculano@debian.org>
To: 574021-close@bugs.debian.org
Subject: Bug#574021: fixed in pango1.0 1.20.5-5+lenny1
Date: Mon, 22 Mar 2010 07:52:42 +0000
Source: pango1.0
Source-Version: 1.20.5-5+lenny1

We believe that the bug you reported is fixed in the latest version of
pango1.0, which is due to be installed in the Debian FTP archive:

libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
  to main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
libpango1.0-0_1.20.5-5+lenny1_i386.deb
  to main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
libpango1.0-common_1.20.5-5+lenny1_all.deb
  to main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
libpango1.0-dev_1.20.5-5+lenny1_i386.deb
  to main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
libpango1.0-doc_1.20.5-5+lenny1_all.deb
  to main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
  to main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
pango1.0_1.20.5-5+lenny1.diff.gz
  to main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
pango1.0_1.20.5-5+lenny1.dsc
  to main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 574021@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated pango1.0 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


Format: 1.8
Date: Thu, 18 Mar 2010 15:18:06 +0100
Source: pango1.0
Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev libpango1.0-0-dbg libpango1.0-doc
Architecture: source all i386
Version: 1.20.5-5+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Sebastien Bacher <seb128@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 libpango1.0-0 - Layout and rendering of internationalized text
 libpango1.0-0-dbg - The Pango library and debugging symbols
 libpango1.0-common - Modules and configuration files for the Pango
 libpango1.0-dev - Development files for the Pango
 libpango1.0-doc - Documentation files for the Pango
 libpango1.0-udeb - Layout and rendering of internationalized text - minimal runtime (udeb)
Closes: 574021
Changes: 
 pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-0421: improper input sanitization, leading to array indexing
     error, in the way Pango font rendering library synthesized Glyph Definition
     Table (GDEF) from the font's character map and the Unicode property
     database. (Closes: #574021)
Package-Type: udeb





Information forwarded to debian-bugs-dist@lists.debian.org, Sebastien Bacher <seb128@debian.org>:
Bug#574021; Package pango1.0. (Sat, 27 Mar 2010 17:54:04 GMT)


Acknowledgement sent to Michael Gilbert <michael.s.gilbert@gmail.com>:
Extra info received and forwarded to list. Copy sent to Sebastien Bacher <seb128@debian.org>. (Sat, 27 Mar 2010 17:54:04 GMT)


Message #20 received at 574021@bugs.debian.org:

From: Michael Gilbert <michael.s.gilbert@gmail.com>
To: control@bugs.debian.org, 574021@bugs.debian.org
Subject: unstable not affected
Date: Sat, 27 Mar 2010 14:53:31 -0400
fixed 574021 1.26.2-1
thanks

i've checked the pango source code in unstable, and the vulnerable code
is not present.

mike




Bug Marked as fixed in versions 1.26.2-1. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sat, 27 Mar 2010 17:54:08 GMT)


Bug No longer marked as fixed in versions 1.26.2-1. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sat, 27 Mar 2010 18:12:06 GMT)


Bug Marked as fixed in versions 1.26.2-2. Request was from Michael Gilbert <michael.s.gilbert@gmail.com> to control@bugs.debian.org. (Sat, 27 Mar 2010 18:12:07 GMT)


Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sat, 24 Jul 2010 07:33:36 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:41:31 2019; Machine Name: buxtehude
