Created attachment 196719 [details] Upstream patch for DoS attach CVS-2018-15120: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15120 Patch here: https://gitlab.gnome.org/GNOME/pango/commit/71aaeaf020340412b8d012fe23a556c0420eda5f Add this file to the files directory to apply the fix.
FWIW, BZ 229761 has an update to pango 1.42.1, but based on the CVE it needs to update to 1.42.4.
Maybe we should go ahead and direct commit this to the quarterly branch so this issue is fixed for pkg users between now and when the next quarterly branch comes out? I'm willing to do the work. Koop, does that sound OK to you?
(In reply to Steve Wills from comment #2) Wait, sorry, the Gnome 3.28 update went in just before the 2018Q4 quarterly branch was created, so I think we're good on this now.