graphviz: CVE-2018-10196

Related Vulnerabilities: CVE-2018-10196  

Debian Bug report logs - #898841

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 16 May 2018 13:00:02 UTC

Severity: normal

Tags: security, upstream

Found in version graphviz/2.40.1-3

Fixed in version graphviz/2.40.1-6

Done: Laszlo Boszormenyi (GCS) <gcs@debian.org>

Bug is archived. No further changes may be made.

Forwarded to https://gitlab.com/graphviz/graphviz/issues/1367



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>:
Bug#898841; Package src:graphviz. (Wed, 16 May 2018 13:00:05 GMT).


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Laszlo Boszormenyi (GCS) <gcs@debian.org>. (Wed, 16 May 2018 13:00:05 GMT).


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: graphviz: CVE-2018-10196
Date: Wed, 16 May 2018 14:56:39 +0200
Source: graphviz
Version: 2.40.1-3
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.com/graphviz/graphviz/issues/1367

Hi,

The following vulnerability was published for graphviz.

CVE-2018-10196[0]:
null dereference in rebuild_vlist

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10196
[1] https://gitlab.com/graphviz/graphviz/issues/1367

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Reply sent to Laszlo Boszormenyi (GCS) <gcs@debian.org>:
You have taken responsibility. (Mon, 08 Apr 2019 17:06:03 GMT).


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Mon, 08 Apr 2019 17:06:03 GMT).


Message #10 received at 898841-close@bugs.debian.org:

From: Laszlo Boszormenyi (GCS) <gcs@debian.org>
To: 898841-close@bugs.debian.org
Subject: Bug#898841: fixed in graphviz 2.40.1-6
Date: Mon, 08 Apr 2019 17:03:50 +0000
Source: graphviz
Source-Version: 2.40.1-6

We believe that the bug you reported is fixed in the latest version of
graphviz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 898841@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <gcs@debian.org> (supplier of updated graphviz package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


Format: 1.8
Date: Mon, 08 Apr 2019 15:51:00 +0000
Source: graphviz
Architecture: source
Version: 2.40.1-6
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Changed-By: Laszlo Boszormenyi (GCS) <gcs@debian.org>
Closes: 898841
Changes:
 graphviz (2.40.1-6) unstable; urgency=high
 .
   * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists()
     (closes: #898841).




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 07 May 2019 07:26:56 GMT).




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 15:00:17 2019; Machine Name: buxtehude
