-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3098-1 security@xxxxxxxxxx http://www.debian.org/security/ Salvatore Bonaccorso December 11, 2014 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : graphviz CVE ID : CVE-2014-9157 Debian Bug : 772648 Joshua Rogers discovered a format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz, a rich set of graph drawing tools. An attacker could use this flaw to cause graphviz to crash or possibly execute arbitrary code. For the stable distribution (wheezy), this problem has been fixed in version 2.26.3-14+deb7u2. For the upcoming stable distribution (jessie), this problem will be fixed soon in version 2.38.0-7. For the unstable distribution (sid), this problem has been fixed in version 2.38.0-7. We recommend that you upgrade your graphviz packages. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@xxxxxxxxxxxxxxxx -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUicMWAAoJEAVMuPMTQ89EdygP/iTwBisnJ13s+afAineui04Z hJrj41+Wb7GQ7zkX1NZXC7e6JgD4S7GiZ0AQnoAG1dKv9yuXDc8Rk2MThP9VuSnl RR+sT6aTAf5rhFO342EgcTdf7H/PWz2NOVR+xHMKqd3PkwA22GmjUX9cRBeiW4Mv uYd6Jaq2rM5OALksebUr81zONtKbBz5jV22LtfyF4nkv+4RkzefqyJZspEbXGN2M ElDAkBHq3uQDeaGrzW4Xd+dlxnIJD2/KHGnCDv4YFOgX2X9dd80Txt3W51st8tgt TzkNPpiNUT+Izruuo772oOgQdvtCEY/reRJJw0SAP2cu2oMD/poMkbbCJ3aBlv35 kR79MseJBigdgpzatF1MUtgpQT+Fm2T6lyszGaViEJ2rWAFBV7x7cX7nZke2vZb2 Nrt+/w1hwnsFG0TsGCTD6k7HF+gVkva+OMhNje396dsHhtQHWQmOQfOuVRDpqRfI 1ijvXGXomOCE9iXm/rDaEq2MsuyjB6QPaIGfD7oZun8seH0Cv+U1f7Hp7e7kn6Cf 0uIYHG2NRSkaUrdbDWfnms6X882JFm1LHe2GdoPo64nCrOs67xwfOn+78GaYFyRN QBT78lyFv4SDlrwiawPKxeTFg6eAxrSXeqdJuuy4flPIUV4k613EeJ3lMMsdmrY3 YhL3IpIOCaeow6VZDNjP =J1ug -----END PGP SIGNATURE-----
