This prevents and assertion which can be triggered by invalid Unicode sequences.
I'll be doing a release with this fix shortly, but since this can crash apps like hexchat
or gnome-terminal, it is a good idea to get the patch out as soon as possible.
This affects all versions of Pango since color Emoji support was introduced in 1.40.8.
Upstream patch: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f
The bug has been referenced in the following commit(s):
Author: Mart Raudsepp <email@example.com>
AuthorDate: 2018-08-20 16:51:57 +0000
Commit: Mart Raudsepp <firstname.lastname@example.org>
CommitDate: 2018-08-20 16:52:42 +0000
x11-libs/pango: bump to 1.42.4
Package-Manager: Portage-2.3.47, Repoman-2.3.10
x11-libs/pango/Manifest | 1 +
x11-libs/pango/files/1.42.4-pango-view.1.in | 113 ++++++++++++++++++++++++++++
x11-libs/pango/pango-1.42.4.ebuild | 65 ++++++++++++++++
3 files changed, 179 insertions(+)
Please stabilize pango-1.42.4 and its newer fontconfig dependency. fontconfig de jure maintainer is not active in fontconfig at all, and the de facto maintainer (Poly-C) signed off on it a week or so ago for future needs.
New GLSA request filed.
Stable on alpha.
hppa project: Please finish stabilization. Security team is releasing GLSA but the users can still install vulnerable version until cleanup. Please stabilize or move package to non-stable / testing.
This issue was resolved and addressed in
GLSA 201811-07 at https://security.gentoo.org/glsa/201811-07
by GLSA coordinator Thomas Deutschmann (whissi).
Re-opening for remaining architecture.
@maintainer(s), please clean vulnerable.