Incoming details.
From $URL: This prevents and assertion which can be triggered by invalid Unicode sequences. I'll be doing a release with this fix shortly, but since this can crash apps like hexchat or gnome-terminal, it is a good idea to get the patch out as soon as possible. This affects all versions of Pango since color Emoji support was introduced in 1.40.8. Upstream patch: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d1edcc424c04a62d7412f9acf027f90b6728a7b5 commit d1edcc424c04a62d7412f9acf027f90b6728a7b5 Author: Mart Raudsepp <leio@gentoo.org> AuthorDate: 2018-08-20 16:51:57 +0000 Commit: Mart Raudsepp <leio@gentoo.org> CommitDate: 2018-08-20 16:52:42 +0000 x11-libs/pango: bump to 1.42.4 Bug: https://bugs.gentoo.org/664108 Package-Manager: Portage-2.3.47, Repoman-2.3.10 x11-libs/pango/Manifest | 1 + x11-libs/pango/files/1.42.4-pango-view.1.in | 113 ++++++++++++++++++++++++++++ x11-libs/pango/pango-1.42.4.ebuild | 65 ++++++++++++++++ 3 files changed, 179 insertions(+)
Please stabilize pango-1.42.4 and its newer fontconfig dependency. fontconfig de jure maintainer is not active in fontconfig at all, and the de facto maintainer (Poly-C) signed off on it a week or so ago for future needs.
arm64 stable
sparc done.
amd64 stable
x86 stable
New GLSA request filed.
ia64 stable
Stable on alpha.
ppc/ppc64 stable
arm stable
s390 stable
hppa project: Please finish stabilization. Security team is releasing GLSA but the users can still install vulnerable version until cleanup. Please stabilize or move package to non-stable / testing.
This issue was resolved and addressed in GLSA 201811-07 at https://security.gentoo.org/glsa/201811-07 by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
hppa stable
@maintainer(s), please clean vulnerable.
pretty please
