Bug 240636 (CVE-2008-4555)

Summary:	media-gfx/graphviz <2.20.3 push_subg() buffer overflow (CVE-2008-4555)
Product:	Gentoo Security	Reporter:	Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	graphics+disabled
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	http://roeehay.blogspot.com/2008/10/graphviz-buffer-overflow-code-execution.html
Whiteboard:	A2 [glsa]
Package list:		Runtime testing required:	---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev

2008-10-09 06:30:20 UTC

See attached URL for full advisory.

Comment 1 Markus Meier gentoo-dev

2008-10-09 20:23:23 UTC

bumped in cvs

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-10-09 20:40:51 UTC

Arches, please test and mark stable:
=media-gfx/graphviz-2.20.3
Target keywords : "alpha amd64 arm hppa ia64 m68k ppc ppc64 s390 sh sparc x86"

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2008-10-11 05:44:26 UTC

Stable for HPPA.

Comment 4 Friedrich Oslage (RETIRED) gentoo-dev

2008-10-11 11:13:07 UTC

sparc stable

Comment 5 Tobias Scherbaum (RETIRED) gentoo-dev

2008-10-11 17:39:22 UTC

ppc stable

Comment 6 Richard Freeman gentoo-dev

2008-10-11 18:50:30 UTC

amd64 stable

Comment 7 Markus Meier gentoo-dev

2008-10-12 15:15:42 UTC

x86 stable

Comment 8 Raúl Porcel (RETIRED) gentoo-dev

2008-10-12 18:58:00 UTC

alpha/ia64 stable

Comment 9 Markus Rothe (RETIRED) gentoo-dev

2008-10-14 08:27:05 UTC

ppc64 stable

Comment 10 Tobias Heinlein (RETIRED) gentoo-dev

2008-10-16 18:48:14 UTC

Thanks. GLSA request filed.

Comment 11 Tobias Heinlein (RETIRED) gentoo-dev

2008-11-10 17:58:01 UTC

GLSA 200811-04, thanks everyone, sorry about the delay.