Hi, attacked is the debdiff for the lenny version.
Cheers, Giuseppe.
diff -u pango1.0-1.20.5/debian/changelog pango1.0-1.20.5/debian/changelog
--- pango1.0-1.20.5/debian/changelog
+++ pango1.0-1.20.5/debian/changelog
@@ -1,3 +1,13 @@
+pango1.0 (1.20.5-5+lenny1) stable-security; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0421: improper input sanitization, leading to array indexing
+ error, in the way Pango font rendering library synthesized Glyph Definition
+ Table (GDEF) from the font's character map and the Unicode property
+ database. (Closes: #574021)
+
+ -- Giuseppe Iuculano <iucul...@debian.org> Thu, 18 Mar 2010 15:18:06 +0100
+
pango1.0 (1.20.5-5) stable; urgency=low
* Merge changes from the 1.20.5-3+lenny1 security upload by Steffen
diff -u pango1.0-1.20.5/debian/patches/series
pango1.0-1.20.5/debian/patches/series
--- pango1.0-1.20.5/debian/patches/series
+++ pango1.0-1.20.5/debian/patches/series
@@ -8,0 +9 @@
+CVE-2010-0421.patch
only in patch2:
unchanged:
--- pango1.0-1.20.5.orig/debian/patches/CVE-2010-0421.patch
+++ pango1.0-1.20.5/debian/patches/CVE-2010-0421.patch
@@ -0,0 +1,32 @@
+CVE-2010-0421
+--- a/pango/opentype/harfbuzz-gdef.c
++++ b/pango/opentype/harfbuzz-gdef.c
+@@ -923,7 +923,7 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ goto Fail1;
+ }
+
+- if ( gcrr[count - 1].End != num_glyphs - 1 )
++ if ( gcrr[count - 1].End + 1 < num_glyphs )
+ {
+ if ( ALLOC_ARRAY( ngc[count],
+ ( num_glyphs - gcrr[count - 1].End + 2 ) / 4,
+@@ -938,7 +938,9 @@ HB_Error HB_GDEF_Build_ClassDefinition(
+ HB_UShort ) )
+ goto Fail2;
+ }
+-
++ else
++ num_glyphs = 1;
++
+ gdef->LastGlyph = num_glyphs - 1;
+
+ gdef->MarkAttachClassDef_offset = 0L;
+@@ -996,6 +998,8 @@ _HB_GDEF_Add_Glyph_Property( HB_GDEFHead
+ HB_ClassRangeRecord* gcrr;
+ HB_UShort** ngc;
+
++ if ( glyphID >= gdef->LastGlyph )
++ return 0;
+
+ error = _HB_OPEN_Get_Class( &gdef->GlyphClassDef, glyphID, &class, &index );
+ if ( error && error != HB_Err_Not_Covered )
signature.asc
Description: OpenPGP digital signature
