2 ignored security issues in stretch

package:
graphviz
severity:
low
created:
2018-05-15
last updated:
2019-07-16

There are 2 open security issues in stretch.
2 issues skipped by the security teams:
  • CVE-2018-10196: NULL pointer dereference vulnerability in the rebuild_vlists function in lib/dotgen/conc.c in the dotgen library in Graphviz 2.40.1 allows remote attackers to cause a denial of service (application crash) via a crafted file.
  • CVE-2019-9904: An issue was discovered in lib\cdt\dttree.c in libcdt.a in graphviz 2.40.1. Stack consumption occurs because of recursive agclose calls in lib\cgraph\graph.c in libcgraph.a, related to agfstsubg in lib\cgraph\subg.c.
Please fix them.