-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-4496-1 security@xxxxxxxxxx https://www.debian.org/security/ Salvatore Bonaccorso August 11, 2019 https://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : pango1.0 CVE ID : CVE-2019-1010238 Debian Bug : 933860 Benno Fuenfstueck discovered that Pango, a library for layout and rendering of text with an emphasis on internationalization, is prone to a heap-based buffer overflow flaw in the pango_log2vis_get_embedding_levels function. An attacker can take advantage of this flaw for denial of service or potentially the execution of arbitrary code. For the stable distribution (buster), this problem has been fixed in version 1.42.4-7~deb10u1. We recommend that you upgrade your pango1.0 packages. For the detailed security status of pango1.0 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/pango1.0 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- iQKTBAEBCgB9FiEERkRAmAjBceBVMd3uBUy48xNDz0QFAl1QMblfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQACgkQBUy48xND z0TNuhAAhi1fZW2f4T30VPfIfGdbZgGW+gO/1TH3eAqQXisy2ga4p5RJTIuNVUjx mjD7FqYlrxuaAMuqqkCOEGTZIa8RVswjttcnsPZ+u9U8XhEWdbWy0iLq9+Ukkk2k /bp5uHI1MCpG9pHY/cb2VKmK9XpBBZcykhR6fhoRgOt1MW/Qnmn+aNvGzfcSJugc ZGziyvJ8FmVAqNpkuaiCTSbbx815LiZgd784X9VdN4hjso5uQfZfVSjwOVkXLnG2 oInrlP2GxKBptJAKtxe/Uzc1Bx6j7Q2iXUQPZ1O7d4e8/G7Knbsvub89eQSwJmHW SmP//xLtmlq3bJGACekLs1cJgajLs7kfKxp+DI/Ar1PMZt3F5muMWTUSx1u33v9E JiQD9q63Yhe8fAtPeFkb8HMu5fjYUCJ8fSEVs6bf0P2Ccy5hfZbsjs71YCUw+ddC Pj2OFs5vFjOh8/Jr7bPHsmCiN+j4GKzHyOGdYxJcX7I62CVZDcJ27PXcbxpqEaj+ cxJ4oHdBz5L+LQUC4EoSIpCzv2Bt81xdibTUmx19sqTn5KdVl0H04PZoqstBYKwo nzkouQd899moTQF33ECymphvrqGAx/ko6n/11w7QoY1EdTSuwTxyXOayu8I3NqGi XKAKJyQJ7xEmwXIAvO25ZJLNO1d7p0pz7ij56BKYSnwb1xhYoek= =66S5 -----END PGP SIGNATURE-----