Bug 502582 - CVE-2009-1194 pango: pango_glyph_string_set_size integer overflow
Summary: CVE-2009-1194 pango: pango_glyph_string_set_size integer overflow
Alias: None
Product: Fedora
Classification: Fedora
Component: pango
Version: 11
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Behdad Esfahbod
QA Contact: Fedora Extras Quality Assurance
URL: http://fedoraproject.org/wiki/Securit...
Depends On:
Blocks: CVE-2009-1194
TreeView+ depends on / blocked
Reported: 2009-05-26 09:28 UTC by Tomas Hoger
Modified: 2009-12-03 21:07 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2009-12-03 21:07:56 UTC

Attachments (Terms of Use)

Description Tomas Hoger 2009-05-26 09:28:32 UTC
This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in all affected branches.

For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in "Blocks" field.

	bug #496887: CVE-2009-1194 pango: pango_glyph_string_set_size integer overflow

When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product.
Please mention CVE ids in the RPM changelog when available and only close this bug once all affected Fedora versions are fixed.

Bodhi update submission link:

Comment 1 Tomas Hoger 2009-05-26 09:29:34 UTC
F11 / F12 are already updated to fixed upstream version (1.24+), F9 and F10 are affected.

Comment 2 zouxiaogang 2009-05-30 03:03:12 UTC
that F9 and F10 are updated,what time? 
pango-1.22.3-1.fc10.i386   (now)

Comment 3 Bug Zapper 2009-06-09 16:34:32 UTC
This bug appears to have been reported against 'rawhide' during the Fedora 11 development cycle.
Changing version to '11'.

More information and reason for this action is here:

Comment 4 Vincent Danen 2009-12-03 21:07:56 UTC
This is fixed in Fedora 11 and 12, but is still unfixed in Fedora 10.  Closing it; I doubt we'll see a fix for Fedora 10 at this point.

Note You need to log in before you can comment on or make changes to this bug.