Bug 23495

Summary: pango new security issue CVE-2018-15120
Product: Mageia Reporter: David Walser <luigiwalser>
Component: SecurityAssignee: Rémi Verschelde <rverschelde>
Status: RESOLVED INVALID QA Contact: Sec team <security>
Severity: major    
Priority: Normal    
Version: 6   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Source RPM: pango-1.40.6-1.1.mga6.src.rpm CVE:
Status comment:

Description David Walser 2018-08-28 22:22:21 CEST 
Ubuntu has issued an advisory on August 22:
https://usn.ubuntu.com/3750-1/
Comment 1 Rémi Verschelde 2018-08-30 14:50:55 CEST 
Working on this.

Assignee: bugsquad => rverschelde

Comment 2 Rémi Verschelde 2018-08-30 14:55:46 CEST 
The patch for CVE-2018-15120 is on the pango/pango-emoji.c file, which is not present in our version 1.40.6.

It seems that the feature was added in 1.40.8, so we're safe: https://github.com/GNOME/pango/blob/1.40.8/NEWS

Cauldron ships 1.42.4 already so it's good too.

Status: NEW => RESOLVED
Resolution: (none) => INVALID