-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: graphviz Binary: graphviz, libgv-guile, libgv-lua, libgv-perl, libgv-php5, libgv-python, libgv-ruby, libgv-tcl, libgraph4, libcgraph5, libcdt4, libpathplan4, libgvc5, libgvc5-plugins-gtk, libgvpr1, libxdot4, libgraphviz-dev, graphviz-doc, graphviz-dev Architecture: any all Version: 2.26.3-14+deb7u2 Maintainer: David Claughton <[email protected]> Uploaders: Christoph Egger <[email protected]>, Sebastian Harl <[email protected]> Homepage: http://www.graphviz.org/ Standards-Version: 3.8.4 Vcs-Browser: http://git.debian.org/?p=collab-maint/graphviz.git Vcs-Git: git://git.debian.org/git/collab-maint/graphviz.git Build-Depends: tk-dev, tcl-dev, debhelper (>= 7.1.0~), libfreetype6-dev, zlib1g-dev, libjpeg-dev, libpng-dev, libxaw7-dev, bison, flex, autotools-dev, pdksh, libexpat1-dev, libfontconfig1-dev, libltdl-dev (>= 2.2.6b), swig, libperl-dev, libgd2-noxpm-dev (>= 2.0.35), groff-base, ghostscript, lua5.1, liblua5.1-0-dev, ruby1.8, ruby1.8-dev, php5-dev, php5-cli, python-all-dev, python-minimal, libcairo2-dev, libpango1.0-dev, guile-1.8-dev, d-shlibs, python-support, chrpath, dh-autoreconf, libgtk2.0-dev, libgnomeui-dev Build-Conflicts: tcl8.3, tcl8.4 Package-List: graphviz deb graphics optional graphviz-dev deb devel optional graphviz-doc deb doc optional libcdt4 deb libs optional libcgraph5 deb libs optional libgraph4 deb libs optional libgraphviz-dev deb libdevel optional libgv-guile deb interpreters optional libgv-lua deb interpreters optional libgv-perl deb perl optional libgv-php5 deb php optional libgv-python deb python optional libgv-ruby deb ruby optional libgv-tcl deb interpreters optional libgvc5 deb libs optional libgvc5-plugins-gtk deb libs optional libgvpr1 deb libs optional libpathplan4 deb libs optional libxdot4 deb libs optional Checksums-Sha1: 04503ac5a9eaa579859f0d017811fa245717edec 17092429 graphviz_2.26.3.orig.tar.gz 86f59cc4b98eb9d4d51d22de679984ba77754dbc 54048 graphviz_2.26.3-14+deb7u2.debian.tar.gz Checksums-Sha256: f410996e69b1095237c2128deae5fc7b6ce99055b095271abb14447bc2f37fa1 17092429 graphviz_2.26.3.orig.tar.gz 6c312bd85dccf91bc6e113011a380a62470e5ab265cac701f3ea4c9297f67b22 54048 graphviz_2.26.3-14+deb7u2.debian.tar.gz Files: 6f45946fa622770c45609778c0a982ee 17092429 graphviz_2.26.3.orig.tar.gz 64a3501831e00a0bf19c3ad1db95ccce 54048 graphviz_2.26.3-14+deb7u2.debian.tar.gz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUiJMbXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHI+0P/i0JpUaAqxOJV2ZfmT5GoT/u eLvw1h7eduVvgHiu+8T7YL9fEjUmEnkmtxTjaIF87Gte5L53+Pcyvo8QJkAR9xOo 6Jt5fDsXJkcAhOXnW3Mlot0Pem0OXsB/93iiJA4gZx81MWQH8IX8T0qDoDguU3iD yw3hgM9PrtM+yanaTA7it05l/6mqmPRYTXoBlGzbZfBVGJj0SBnS3iWoltUdC24P SQQE3YHy/HFUlvwqLH2jO0ljbtr+X6/ZgbmMwGeyMkc/7nGkOkaYlqD0Iot1v1dZ Ly+D5+8uN1mWaO0i+hqOQE34GtPazIhQl1Ba/ErcwBpxxPvXbzWM01gLzXVwul2O IHGUIm11iOBOL9fAuFdxx3rYctGM+gTb4HgCdWo1byrmKsQ6ucYhhLOyjEnn51j5 qHybj0iBzzX7Jon3GJeGxtwKv/RgMVdVa5kQ2NUxN6PhnM8PizpOczoUGenYjdMg 9aKAd8vZuUvOENYIRjonqQ/XtRY6lQO5X2fn2mynz0o3QbimJ0B3/o+hF2igSL39 UHRCtQF199pBqCdqh1g54x61j+4MAzIn70BNkudXdWLKTe8PZQq21VsYkbaXiPUq o5GTRHHMwN130YFX0JLOgsK3uyt7QArPLB0DTBUVTYHEq2LK09fp3bOzKDEHQ5EH Q1sy9q79jIApVnl6kQqX =46Ws -----END PGP SIGNATURE----- Changes: graphviz (2.26.3-14+deb7u2) wheezy-security; urgency=high * Non-maintainer upload by the Security Team. * Add CVE-2014-9157.patch patch (Closes: #772648) Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. -- Thorsten Alteholz <[email protected]> Mon, 08 Dec 2014 17:34:32 +0100
