Univention Bugzilla – Bug 33868
graphviz: Bufferoverflow (3.2)
Last modified: 2014-05-20 07:53:32 CEST
+++ This bug was initially created as a clone of Bug #33867 +++ CVE-2014-0978 Buffer overflow triggerable by malformed file
Two additional buffer overflows: CVE-2014-1235 and CVE-2014-1236
These issues were fixed with the update to Squeeze 6.0.9 (Bug 34588). The QA should ideally be made by the same person. CVE-2014-1235 doesn't affect the graphviz version in UCS 3.2, this CVE ID is for an incomplete patch never applied.
OK: aptitude install graphviz OK: dotty dep.dot OK: graphviz (2.26.3-5+squeeze2) squeeze-security; urgency=high * Add CVE-2014-0978.patch patch. CVE-2014-0978: Fix stack-based buffer overflow due to a boundary error in the "yyerror()" function. (Closes: #734745) * Add CVE-2014-1236.patch patch. CVE-2014-1236: buffer overflow from user input (the regexp in chkNum would accept arbitrary long digit list) (Closes: #734745)
UCS 3.2-2 has been released: http://docs.univention.de/release-notes-3.2-2-en.html http://docs.univention.de/release-notes-3.2-2-de.html If this error occurs again, please use "Clone This Bug".