Mandriva Linux Security Advisory 2009-158 – Integer overflow in the pango_glyph_string_set_size function in pango/glyphstring.c in Pango before 1.24 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a long glyph string that triggers a heap-based buffer overflow. This update corrects the issue. pango for CS4 broke applications like MandrivaUpdate, mcc and so on. This update corrects this problem.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/82737/MDVSA-2009-158-1.txt
Source: https://packetstormsecurity.com/files/82737/Mandriva-Linux-Security-Advisory-2009-158.html