_______________________________________________________________________
Package : pango
Date : November 16, 2009
Affected: Corporate 3.0
_______________________________________________________________________
Problem Description:
Integer overflow in the pango_glyph_string_set_size function in
pango/glyphstring.c in Pango before 1.24 allows context-dependent
attackers to cause a denial of service (application crash) or possibly
execute arbitrary code via a long glyph string that triggers a
heap-based buffer overflow.
This update corrects the issue.
Update:
pango for CS3 broke applications like MandrivaUpdate, mcc and so
on. This update corrects this problem.
_______________________________________________________________________
References:
http://cve.mitre.org/cgi-bin/cvename.cg ... -2009-1194
https://qa.mandriva.com/55674
_______________________________________________________________________