Package: python-pyfribidi
Architecture: i386
Source: pyfribidi
Version: 0.10.0-2

There's a buffer overflow in pyfribidi:

    # python2.6 -c 'import pyfribidi; pyfribidi.log2vis(unichr(0x10000)*5)'
    Segmentation fault

The reason is the following (see https://github.com/pediapress/pyfribidi/issues/2):
fribidi_utf8_to_unicode consumes at most 3 bytes for a single unicode character, i.e. it does not handle unicode characters above 0xffff. For a 4 byte utf-8 sequence it will generate 2 unicode characters, which overflows the logical buffer.

It's fixed with https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a (or with pyfribidi 0.11 from pypi).

IMHO the issue is security relevant.

--
Cheers
Ralf
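
The size mismatch described in the report, as an added example that is not part of the original report and is not fribidi or pyfribidi code. legacy_output_count is a simplified model of a decoder that consumes at most 3 bytes per character, decode_utf8_bounded is one bounds-checked alternative, and both names, the sample bytes and the assumption that the output buffer holds one entry per code point are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: U+10000 five times, 4 bytes each (F0 90 80 80). */
static const unsigned char SAMPLE[20] = {
    0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80,
    0xF0,0x90,0x80,0x80, 0xF0,0x90,0x80,0x80 };

/* Model of the flaw (assumption, not library source): any lead byte above
 * 0xDF is taken as a 3-byte sequence. Counts the characters such a decoder
 * would emit; it writes nothing. */
size_t legacy_output_count(const unsigned char *s, size_t len)
{
    size_t pos = 0, n = 0;
    while (pos < len) {
        pos += s[pos] <= 0x7F ? 1 : s[pos] <= 0xDF ? 2 : 3;
        n++;
    }
    return n;
}

/* Bounded decoder: accepts 1- to 4-byte sequences, checks continuation bytes
 * and never writes more than cap entries. Returns the number of code points
 * written, or -1 on malformed or truncated input or when cap is too small.
 * Overlong forms and surrogates are not rejected here. */
long decode_utf8_bounded(const unsigned char *s, size_t len,
                         uint32_t *out, size_t cap)
{
    size_t pos = 0, n = 0;
    while (pos < len) {
        unsigned char b = s[pos];
        size_t need = b <= 0x7F ? 1 : (b & 0xE0) == 0xC0 ? 2
                    : (b & 0xF0) == 0xE0 ? 3 : (b & 0xF8) == 0xF0 ? 4 : 0;
        if (need == 0 || len - pos < need || n >= cap)
            return -1;
        uint32_t cp = need == 1 ? b : (uint32_t)(b & (0xFF >> (need + 1)));
        for (size_t i = 1; i < need; i++) {
            if ((s[pos + i] & 0xC0) != 0x80)
                return -1;
            cp = (cp << 6) | (s[pos + i] & 0x3F);
        }
        out[n++] = cp;
        pos += need;
    }
    return (long)n;
}

int main(void)
{
    uint32_t out[5]; /* one slot per code point in SAMPLE */
    printf("legacy model emits %zu, bounded decoder writes %ld of 5\n",
           legacy_output_count(SAMPLE, sizeof SAMPLE),
           decode_utf8_bounded(SAMPLE, sizeof SAMPLE, out, 5));
    return 0;
}
```

The legacy model emits more characters than there are code points in the input, which is the overrun condition for a buffer sized by code point count; the bounded decoder returns -1 instead of writing past cap.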