[ubuntu/trusty-proposed] graphviz 2.34.0-0ubuntu6 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jan 15 22:02:15 UTC 2014 

graphviz (2.34.0-0ubuntu6) trusty; urgency=low

  * SECURITY UPDATE: buffer overflow in yyerror()
    - debian/patches/CVE-2014-0978.patch: don't overflow buf in
      lib/cgraph/scan.l.
    - CVE-2014-0978
  * SECURITY UPDATE: buffer overflow in yyerror() security fix
    - debian/patches/CVE-2014-1235.patch: once again, don't overflow buf
      in lib/cgraph/scan.l.
    - CVE-2014-1235
  * SECURITY UPDATE: buffer overflow in chkNum of scanner
    - debian/patches/CVE-2014-1236.patch: don't overflow buf in
      lib/cgraph/scan.l.
    - CVE-2014-1236

Date: Tue, 14 Jan 2014 13:01:36 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/graphviz/2.34.0-0ubuntu6
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 14 Jan 2014 13:01:36 -0500
Source: graphviz
Binary: graphviz libgv-guile libgv-lua libgv-perl libgv-php5 libgv-python libgv-ruby libgv-tcl libcgraph6 libcdt5 libpathplan4 libgvc5 libgvc5-plugins-gtk libgvpr1 libxdot4 libgraphviz-dev graphviz-doc graphviz-dev
Architecture: source
Version: 2.34.0-0ubuntu6
Distribution: trusty
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 graphviz   - rich set of graph drawing tools
 graphviz-dev - transitional package for graphviz-dev rename
 graphviz-doc - additional documentation for graphviz
 libcdt5    - rich set of graph drawing tools - cdt library
 libcgraph6 - rich set of graph drawing tools - cgraph library
 libgraphviz-dev - graphviz libs and headers against which to build applications
 libgv-guile - Guile bindings for graphviz
 libgv-lua  - Lua bindings for graphviz
 libgv-perl - Perl bindings for graphviz
 libgv-php5 - PHP5 bindings for graphviz
 libgv-python - Python bindings for graphviz
 libgv-ruby - Ruby bindings for graphviz
 libgv-tcl  - Tcl bindings for graphviz
 libgvc5    - rich set of graph drawing tools - gvc library
 libgvc5-plugins-gtk - rich set of graph drawing tools - gtk plugins
 libgvpr1   - rich set of graph drawing tools - gvpr library
 libpathplan4 - rich set of graph drawing tools - pathplan library
 libxdot4   - rich set of graph drawing tools - xdot library
Changes: 
 graphviz (2.34.0-0ubuntu6) trusty; urgency=low
 .
   * SECURITY UPDATE: buffer overflow in yyerror()
     - debian/patches/CVE-2014-0978.patch: don't overflow buf in
       lib/cgraph/scan.l.
     - CVE-2014-0978
   * SECURITY UPDATE: buffer overflow in yyerror() security fix
     - debian/patches/CVE-2014-1235.patch: once again, don't overflow buf
       in lib/cgraph/scan.l.
     - CVE-2014-1235
   * SECURITY UPDATE: buffer overflow in chkNum of scanner
     - debian/patches/CVE-2014-1236.patch: don't overflow buf in
       lib/cgraph/scan.l.
     - CVE-2014-1236
Checksums-Sha1: 
 3656274c66eaa4ccfd223f93cee31a7195cf767c 3301 graphviz_2.34.0-0ubuntu6.dsc
 f92edab27761315442ef2bc6eea6c8ca2ec5154b 73042 graphviz_2.34.0-0ubuntu6.debian.tar.gz
Checksums-Sha256: 
 dd87e4896d82990194920708a7341405d71a09674764b6d62b006fe1c2d1a3c3 3301 graphviz_2.34.0-0ubuntu6.dsc
 384514a75532d9134b679dc206d70ec3d83720fb2591d99be869b989849a89bd 73042 graphviz_2.34.0-0ubuntu6.debian.tar.gz
Files: 
 7d1e5dd428f5d3abab13d6381f241c57 3301 graphics optional graphviz_2.34.0-0ubuntu6.dsc
 23ce44dc7dda3ccdc94697ad16c61017 73042 graphics optional graphviz_2.34.0-0ubuntu6.debian.tar.gz
Original-Maintainer: David Claughton <dave at eclecticdave.com>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBCgAGBQJS1wQ9AAoJEGVp2FWnRL6T7KkP/1RoYfxPBsjG7Df8I7Y8q7G0
aKaD7Rqy0e+BECrvflBLnddfk4C9KTtzzAKYKkjrvWDM/lDqdM4pDa/RuqKUcVnH
80txtd+LGTWff2O7w/vE1S69bh08Iwbc2XkDmwanCOa6i9HWQ+A58b9DAHGypgtL
ihMPa2Vqsd6o7EY5/ftfjgd4DkoW7qs0+SqV9RO7gOzUtgKocDuH+Fy2KQ+OsRK6
WGAfRdz5v3pmkPvYZiqZ+ED/MIJRpK2hOBtYTMtuFLhK/WdPmno7F7an6w9Kyjk7
RShng+Nq7Yr7X14TXl4jQdIj9ruUf6KA+RKppVq7evDp3gF2N3GxU+RTdtD9lmCJ
Dff7ykeB5Bqm2ib5x96IMWktK7Y6tmM5v8e+VBQgij5zvpIDf9+VgB0+4JySpt7h
30NiNSNpHOouRX/+lDFP2FnzdbAjZTw8wtP/+9YLxnHxzZ/VKADnXZ2gOig7W0I7
lCi0Krr6vgUDdnVJD+E9ZrRirgT9AKh7vRl2Y//cNrOw92adZ24TycZJG6ThrsC6
03ddGJoy5Rn5M+mkCynEMsmlh/GdUkl8N69F/6HusKGzd/T8a4FcP6XjG0si24lu
ma4m8glWg/lEUySsmafsM06nRZbDh/uhWzQ3x+0Fv42arTJv8Ct0nkfvNH0OK1Qe
SubxRxAUQ5hG/1yQOgnA
=MV9A
-----END PGP SIGNATURE-----

More information about the Trusty-changes mailing list