Your message dated Mon, 22 Mar 2010 07:52:42 +0000
with message-id <e1ntcrg-0000nr...@ries.debian.org>
and subject line Bug#574021: fixed in pango1.0 1.20.5-5+lenny1
has caused the Debian Bug report #574021,
regarding CVE-2010-0421: libpangoft2 segfaults on forged font files
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
574021: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=574021
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: pango1.0
Severity: grave
Tags: security
The following security issue in Pango was reported by Red Hat:
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-0421
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-3-686 (SMP w/1 CPU core)
Locale: LANG=C, lc_ctype=de_de.iso-8859...@euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
--- End Message ---
--- Begin Message ---
Source: pango1.0
Source-Version: 1.20.5-5+lenny1
We believe that the bug you reported is fixed in the latest version of
pango1.0, which is due to be installed in the Debian FTP archive:
libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
to main/p/pango1.0/libpango1.0-0-dbg_1.20.5-5+lenny1_i386.deb
libpango1.0-0_1.20.5-5+lenny1_i386.deb
to main/p/pango1.0/libpango1.0-0_1.20.5-5+lenny1_i386.deb
libpango1.0-common_1.20.5-5+lenny1_all.deb
to main/p/pango1.0/libpango1.0-common_1.20.5-5+lenny1_all.deb
libpango1.0-dev_1.20.5-5+lenny1_i386.deb
to main/p/pango1.0/libpango1.0-dev_1.20.5-5+lenny1_i386.deb
libpango1.0-doc_1.20.5-5+lenny1_all.deb
to main/p/pango1.0/libpango1.0-doc_1.20.5-5+lenny1_all.deb
libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
to main/p/pango1.0/libpango1.0-udeb_1.20.5-5+lenny1_i386.udeb
pango1.0_1.20.5-5+lenny1.diff.gz
to main/p/pango1.0/pango1.0_1.20.5-5+lenny1.diff.gz
pango1.0_1.20.5-5+lenny1.dsc
to main/p/pango1.0/pango1.0_1.20.5-5+lenny1.dsc
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 574...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Giuseppe Iuculano <iucul...@debian.org> (supplier of updated pango1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 18 Mar 2010 15:18:06 +0100
Source: pango1.0
Binary: libpango1.0-0 libpango1.0-udeb libpango1.0-common libpango1.0-dev
libpango1.0-0-dbg libpango1.0-doc
Architecture: source all i386
Version: 1.20.5-5+lenny1
Distribution: stable-security
Urgency: high
Maintainer: Sebastien Bacher <seb...@debian.org>
Changed-By: Giuseppe Iuculano <iucul...@debian.org>
Description:
libpango1.0-0 - Layout and rendering of internationalized text
libpango1.0-0-dbg - The Pango library and debugging symbols
libpango1.0-common - Modules and configuration files for the Pango
libpango1.0-dev - Development files for the Pango
libpango1.0-doc - Documentation files for the Pango
libpango1.0-udeb - Layout and rendering of internationalized text - minimal
runtime (udeb)
Closes: 574021
Changes:
 pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2010-0421: improper input sanitization, leading to array indexing
     error, in the way Pango font rendering library synthesized Glyph Definition
     Table (GDEF) from the font's character map and the Unicode property
     database. (Closes: #574021)
Package-Type: udeb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
iEYEARECAAYFAkuiO3UACgkQNxpp46476apHrQCgmehgnvGG4PzYs91Qro5BdJZj
3DAAnRuzYiQs1ThBxTItZ+e6T7RaLytC
=h/VC
-----END PGP SIGNATURE-----
--- End Message ---