[Bug 532060]

Jamie Strandboge jamie at ubuntu.com
Tue May 21 15:43:49 UTC 2013 

Thank you for reporting this bug to Ubuntu. hardy has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against hardy is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.

** Changed in: graphviz (Ubuntu Hardy)
       Status: Triaged => Won't Fix

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to graphviz in Ubuntu.
https://bugs.launchpad.net/bugs/532060

Title:
  Hardy's graphviz may be vulnerable to CVE-2008-4555

Status in “graphviz” package in Ubuntu:
  Invalid
Status in “graphviz” source package in Dapper:
  Won't Fix
Status in “graphviz” source package in Hardy:
  Won't Fix
Status in “graphviz” source package in Intrepid:
  Invalid

Bug description:
  Binary package hint: graphviz

  I found this vulnerability report:

  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4555

  and the version of graphviz in Hardy looks like it could be vulnerable
  (the Gentoo report seems to assume it is). I looked here for reported
  bugs against the graphviz package:

  https://launchpad.net/ubuntu/+source/graphviz/+bugs

  and found none I could associate with the vulnerability. I also looked
  at the change log:

  http://changelogs.ubuntu.com/changelogs/pool/main/g/graphviz/graphviz_2.16-3ubuntu2/changelog

  and it doesn't seem to be a previously addressed issue either.

  It looks like the fix was back-ported to the jaunty package here:

  https://lists.ubuntu.com/archives/jaunty-
  changes/2008-November/000076.html

  We are using:

  # lsb_release -rd
  Description:    Ubuntu 8.04.4 LTS
  Release:        8.04

  and the package information is:

  # apt-cache policy graphviz
  graphviz:
    Installed: 2.16-3ubuntu2
    Candidate: 2.16-3ubuntu2
    Version table:
   *** 2.16-3ubuntu2 0
          500 http://wssds02.health.state.mn.us hardy/main Packages
          100 /var/lib/dpkg/status

  Thank you,

  Troy Johnson

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/graphviz/+bug/532060/+subscriptions

More information about the foundations-bugs mailing list