Description of problem:
pango should be rebuilt against new glib2 package version (>= glib2-2.22.5-2.el6) that have g_new version with guards against integer overflows.
This is needed for:
Protections to g_new were added via:
Rebuild should address existing blocker bug #573883 too.
- check dependency tree (see description).
# rpm -qpR pango-1.28.1-1.el6.x86_64.rpm | grep glib2
glib2 >= 2.17.3-1
Shouldn't be this switched for glib2 >= 2.22 or so?
My system have glib2-2.22.5-3.el6, new pango is successfully installable and works fine.
Is this sufficient reproducer? If yes we could move to verified.
please update glib dependency to >=glib2-2.22.5-2.el6 as (according to bug 573966) the wanted behaviour was added into that version.
There will be no older glib2 than that in RHEL6. So, while it may be more correct to bump it, it is not as if that would prevent anything bad from happening.
closing this as not a bug see previous comments. reopen if you think we should do anything more about it
I'd say resolution is not correct, as requested rebuild was done.
the require from pango-1.28.1-3.el6 is glib2 >= 2.17.3-1 not 2.22 so it wasn't fixed as expected