2 ignored security issues in jessie

package:
graphviz
severity:
low
created:
2018-05-15
last updated:
2019-04-24

There are 2 open security issues in jessie.
2 issues skipped by the security teams:
  • CVE-2019-9904: An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
  • CVE-2018-10196: NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
Please fix them.