Synopsis:	Important: pango security update
Issue date:	2009-05-08
CVE Names:	CVE-2009-1194

Will Drewry discovered an integer overflow flaw in Pango's
pango_glyph_string_set_size() function. If an attacker is able to pass 
an arbitrarily long string to Pango, it may be possible to execute 
arbitrary code with the permissions of the application calling Pango. 
(CVE-2009-1194)

After installing this update, you must restart your system or restart 
the X server for the update to take effect. Note: Restarting the X 
server closes all open applications and logs you out of your session.

SL 3.0.x

       SRPMS:
pango-1.2.5-8.src.rpm
       i386:
pango-1.2.5-8.i386.rpm
pango-devel-1.2.5-8.i386.rpm
       x86_64:
pango-1.2.5-8.i386.rpm
pango-1.2.5-8.x86_64.rpm
pango-devel-1.2.5-8.x86_64.rpm

SL 4.x

       SRPMS:
evolution28-pango-1.14.9-11.el4_7.src.rpm
pango-1.6.0-14.4_7.src.rpm
       i386:
evolution28-pango-1.14.9-11.el4_7.i386.rpm
evolution28-pango-devel-1.14.9-11.el4_7.i386.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-devel-1.6.0-14.4_7.i386.rpm
       x86_64:
evolution28-pango-1.14.9-11.el4_7.x86_64.rpm
evolution28-pango-devel-1.14.9-11.el4_7.x86_64.rpm
pango-1.6.0-14.4_7.i386.rpm
pango-1.6.0-14.4_7.x86_64.rpm
pango-devel-1.6.0-14.4_7.x86_64.rpm

SL 5.x

       SRPMS:
pango-1.14.9-5.el5_3.src.rpm
       i386:
pango-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
       x86_64:
pango-1.14.9-5.el5_3.i386.rpm
pango-1.14.9-5.el5_3.x86_64.rpm
pango-devel-1.14.9-5.el5_3.i386.rpm
pango-devel-1.14.9-5.el5_3.x86_64.rpm

-Connie Sieh
-Troy Dawson