-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 3.0 (quilt) Source: graphviz Binary: graphviz, libgv-guile, libgv-lua, libgv-perl, libgv-php5, libgv-python, libgv-ruby, libgv-tcl, libcgraph6, libcdt5, libpathplan4, libgvc6, libgvc6-plugins-gtk, libgvpr2, libxdot4, libgraphviz-dev, graphviz-doc, graphviz-dev Architecture: any all Version: 2.38.0-7 Maintainer: Debian QA Group <[email protected]> Homepage: http://www.graphviz.org/ Standards-Version: 3.9.5 Vcs-Browser: http://git.debian.org/?p=collab-maint/graphviz.git Vcs-Git: git://git.debian.org/git/collab-maint/graphviz.git Testsuite: autopkgtest Build-Depends: tk-dev, tcl-dev, debhelper (>= 9~), libfreetype6-dev, zlib1g-dev, libjpeg-dev, libpng-dev, libxaw7-dev, bison, flex, autotools-dev, libexpat1-dev, libfontconfig1-dev, libltdl-dev (>= 2.2.6b), swig, libperl-dev, libgd2-noxpm-dev (>= 2.0.35), groff-base, ghostscript, lua5.2, liblua5.2-dev, ruby, ruby-dev, php5-dev, php5-cli, python-all-dev (>= 2.6.6-3~), libcairo2-dev, libpango1.0-dev, guile-2.0-dev, d-shlibs, chrpath, dh-autoreconf, libgtk2.0-dev, libgnomeui-dev Build-Conflicts: tcl8.3, tcl8.4, tcl8.5 Package-List: graphviz deb graphics optional arch=any graphviz-dev deb oldlibs extra arch=all graphviz-doc deb doc optional arch=all libcdt5 deb libs optional arch=any libcgraph6 deb libs optional arch=any libgraphviz-dev deb libdevel optional arch=any libgv-guile deb interpreters optional arch=any libgv-lua deb interpreters optional arch=any libgv-perl deb perl optional arch=any libgv-php5 deb php optional arch=any libgv-python deb python optional arch=any libgv-ruby deb ruby optional arch=any libgv-tcl deb interpreters optional arch=any libgvc6 deb libs optional arch=any libgvc6-plugins-gtk deb libs optional arch=any libgvpr2 deb libs optional arch=any libpathplan4 deb libs optional arch=any libxdot4 deb libs optional arch=any Checksums-Sha1: 053c771278909160916ca5464a0a98ebf034c6ef 25848858 graphviz_2.38.0.orig.tar.gz 474bc72dbfe825de9686c88fcad9ab5083ad98e9 44120 graphviz_2.38.0-7.debian.tar.xz Checksums-Sha256: 81aa238d9d4a010afa73a9d2a704fc3221c731e1e06577c2ab3496bdef67859e 25848858 graphviz_2.38.0.orig.tar.gz 312ab8215fbe1800664675cfc284aecfeff3ce699407523b5bdefee64cf1a53c 44120 graphviz_2.38.0-7.debian.tar.xz Files: 5b6a829b2ac94efcd5fa3c223ed6d3ae 25848858 graphviz_2.38.0.orig.tar.gz 5cbcff92169d682471cdfdf58d215098 44120 graphviz_2.38.0-7.debian.tar.xz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCgAGBQJUiGi8AAoJEAVMuPMTQ89EKvIQAKAAT/C7XRzcnZRDPhB0WSpv iBZpIY13IKgBDA9fPfa8zrvK5mL4JdglXpXFrex8mh4IG7YI36pH1VvRI7zjBDVM oFXDGpHhiffx8UkEFp/kANniKco2UF4qnZVh8raBeQIngNw4i0KKdOO9M4BKmbAA ryUkP8YiqI8+WHSeO5BxYIYfJG453TU26tFVRVghoZMniBz0XjCQeW8Y7OAWwSL4 iGqcIezPyv8WVGnv2Fh38kYqJrAVmiSXRR8iw/ueAfW4Y66aJqz+xayaOY6+Fmz7 IxrZVn2W6q45lzvXkU8zr6KWHBhfAK6XSlDClWzsUHf9yj+wzoCyDpam6BD/cbn9 1xTk+eagrKhv7objTPSmFL0BJv2ePj/kZUy6bTLcj+8sM/vZp382OPkj1xtsiMtq meMzGjBNmaWGGVHyoz2JqhVDh8ipkPJh5nSJK+u47IofdgCHCGWfFBAjmabVbWFH ALXKDlz9Wsjd+DHuXhNtA0xkUexoOXLuSDlbjGQHYoykoE+eknaSqNv8NVxdt8Ff ypAB3Emwfkthmqqpfc+WDAo7ZOJaGQIDtz+SCf/4JcLSqmIanBvkJbnvLXf8H0n1 tbgBZBnhyoR7XeHZZDsl3ZnUEOPGnty3tu5azaPKdxuHmN5AzuySJkr21L5CSnP1 KKXxbMV1ZdAQQHJ3voO2 =7LL8 -----END PGP SIGNATURE----- Changes: graphviz (2.38.0-7) unstable; urgency=high * QA upload. * Add CVE-2014-9157.patch. Fix format string vulnerability (CVE-2014-9157) in yyerror() routine which may allow attackers to cause a denial of service or possibly execute code. Thanks to Marc Deslauriers <[email protected]> (Closes: #772648) -- Salvatore Bonaccorso <[email protected]> Wed, 10 Dec 2014 07:21:52 +0100
