Comment 5 for bug 696616

This bug was fixed in the package pango1.0 - 1.28.3-4ubuntu1

---------------
pango1.0 (1.28.3-4ubuntu1) natty; urgency=low

  * Merge changes from 1.28.3-1+squeeze1:
    - 01_CVE-2011-0020.patch: patch from Behdad Esfahbod to fix heap
      corruption. Closes: #610792, CVE-2011-0020. LP: #696616.
  * Merge changes from 1.28.3-2~sid1:
    - 02_CVE-2011-0064.patch: patch from Behdad Esfahbod and Karl Tomlinson to
      fix buffer overwrite on OOM realloc failure. CVE-2011-0064, Mozilla
      #606997.
  * Add 00git_gi_annotations.patch: Cherrypick GI annotation fixes from
    upstream trunk.
  * debian/rules: Remove upstream shipped pango/*.gir to force their
    regeneration during package build.
 -- Martin Pitt <email address hidden> Thu, 10 Mar 2011 11:34:30 +0100