Summary: | <media-gfx/graphviz-2.42.1: NULL pointer dereference vulnerability in the rebuild_vlists (CVE-2018-10196) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Pacho Ramos <pacho> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | graphics+disabled |
Priority: | Normal | Flags: | nattka:
sanity-check-
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://gitlab.com/graphviz/graphviz/issues/1367 | ||
See Also: | https://github.com/gentoo/gentoo/pull/12790 | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: |
media-gfx/graphviz-2.42.1
|
Runtime testing required: | --- |
Description
Pacho Ramos
2019-04-04 12:33:52 UTC
Fixed upstream in git master the same day: https://gitlab.com/graphviz/graphviz/commit/8375908cba04be37f571abd1519b04286d3655fa The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f430eaf4ff2738fae69c577f0e1eb40429b42d23 commit f430eaf4ff2738fae69c577f0e1eb40429b42d23 Author: Chris Mayo <aklhfex@gmail.com> AuthorDate: 2019-08-25 18:56:52 +0000 Commit: Andreas Sturmlechner <asturm@gentoo.org> CommitDate: 2019-09-14 14:52:24 +0000 media-gfx/graphviz: version bump to 2.42.1 Bug: https://bugs.gentoo.org/682522 Package-Manager: Portage-2.3.69, Repoman-2.3.16 Signed-off-by: Chris Mayo <aklhfex@gmail.com> Closes: https://github.com/gentoo/gentoo/pull/12790 Signed-off-by: Andreas Sturmlechner <asturm@gentoo.org> media-gfx/graphviz/Manifest | 1 + .../files/graphviz-2.42.1-libgv_python.patch | 15 ++ .../graphviz/files/graphviz-2.42.1-math.patch | 38 +++ media-gfx/graphviz/graphviz-2.42.1.ebuild | 283 +++++++++++++++++++++ 4 files changed, 337 insertions(+) x86 stable amd64 stable arm stable hppa stable arm64 stable s390 stable sparc stable ppc64 stable ppc stable ia64 stable alpha stable all arches stable Btw, cleanup done in git commit c60d0ab2d049b8a8cb579f4ac6c5da2e14a9a30c (In reply to Andreas Sturmlechner from comment #14) > Btw, cleanup done in git commit c60d0ab2d049b8a8cb579f4ac6c5da2e14a9a30c Thanks. Unable to check for sanity:
> no match for package: media-gfx/graphviz-2.42.1
GLSA Vote: No Thank you all for you work. Closing as [noglsa]. |