Univention Bugzilla – Bug 53268
graphviz: Multiple issues (4.4)
Last modified: 2021-05-19 18:01:09 CEST
New Debian graphviz 2.38.0-17+deb9u1 fixes: This update addresses the following issues: * NULL pointer dereference in rebuild_vlis (CVE-2018-10196) * Buffer Overflow in Graphviz Graph Visualization Tools from commit ID f8b9e035 and earlier allows remote attackers to execute arbitrary code or cause a denial of service (application crash) by loading a crafted file into the "lib/common/shapes.c" component. (CVE-2020-18032)
--- mirror/ftp/4.3/unmaintained/4.3-0/source/graphviz_2.38.0-17.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/graphviz_2.38.0-17+deb9u1.dsc @@ -1,3 +1,11 @@ +2.38.0-17+deb9u1 [Thu, 13 May 2021 13:33:34 +0530] Utkarsh Gupta <utkarsh@debian.org>: + + * Non-maintainer upload by the LTS team. + * Fix CVE-2018-10196: NULL pointer dereference in + rebuild_vlists(). (Closes: #898841) + * Fix CVE-2020-18032: out of bounds write on invalid label. + (Closes: #988000) + 2.38.0-17 [Sun, 19 Feb 2017 10:32:17 +0000] Laszlo Boszormenyi (GCS) <gcs@debian.org>: * Correct host value for configure in Jonathan's upload (closes: #855418). <http://piuparts.knut.univention.de/4.4-8/#7424586188700757729>
OK: yaml OK: announce_errata OK: patch OK: piuparts
<https://errata.software-univention.de/#/?erratum=4.4x975>