On Thu, Jul 23, 2020, at 18:34, Jochen Neumeister wrote: > Author: joneum > Date: Thu Jul 23 18:34:50 2020 > New Revision: 542951 > URL: https://svnweb.freebsd.org/changeset/ports/542951 > > Log: > SECURITY UPDATE: Buffer overflow > > Gnome Pango 1.42 and later is affected by: Buffer Overflow. The > impact is: The heap based buffer overflow can be used to get code > execution. The component is: function name: > pango_log2vis_get_embedding_levels, assignment of nchars and the loop > condition. The attack vector is: Bug can be used when application pass > invalid utf-8 strings to functions like pango_itemize. > > PR: 239563 > Reported by: Miyashita Touka <[email protected]> > Approved by: gnome (maintainer timeout) > MFH: 2020Q3 > Security: 456375e1-cd09-11ea-9172-4c72b94353b5 > Sponsored by: Netzkommune GmbH > > Added: > head/x11-toolkits/pango/files/CVE-20191010238 (contents, props changed) > Modified: > head/x11-toolkits/pango/Makefile > > Modified: head/x11-toolkits/pango/Makefile > ============================================================================== > --- head/x11-toolkits/pango/Makefile Thu Jul 23 18:34:47 2020 > (r542950) > +++ head/x11-toolkits/pango/Makefile Thu Jul 23 18:34:50 2020 > (r542951) > @@ -3,7 +3,7 @@ > > PORTNAME= pango > PORTVERSION= 1.42.4 > -PORTREVISION= 3 > +PORTREVISION= 4 > CATEGORIES= x11-toolkits > MASTER_SITES= GNOME > DIST_SUBDIR= gnome2 > > Added: head/x11-toolkits/pango/files/CVE-20191010238 > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/x11-toolkits/pango/files/CVE-20191010238 Thu Jul 23 18:34:50 > 2020 (r542951) > @@ -0,0 +1,16 @@ > +--- ../pango/pango-bidi-type.c.orig 2020-07-23 19:10:14.338937000 +0200 > ++++ ../pango/pango-bidi-type.c 2020-07-23 19:12:15.511836000 +0200 > +@@ -179,8 +179,11 @@ pango_log2vis_get_embedding_levels (const gchar > *te > + for (i = 0, p = text; p < text + length; p = g_utf8_next_char(p), > i++) > + { > + gunichar ch = g_utf8_get_char (p); > +- FriBidiCharType char_type; > +- char_type = fribidi_get_bidi_type (ch); > ++ FriBidiCharType char_type = fribidi_get_bidi_type (ch); > ++ > ++ if (i == n_chars) > ++ break; > ++ > + bidi_types[i] = char_type; > + ored_types |= char_type; > + if (FRIBIDI_IS_STRONG (char_type))
The port is still vulnerable: files/CVE-20191010238 has no 'patch-' prefix so is never applied by the framework. How did this pass review? _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-desktop To unsubscribe, send any mail to "[email protected]"
