-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Mon, 08 Dec 2014 17:34:32 +0100 Source: graphviz Binary: graphviz libgv-guile libgv-lua libgv-perl libgv-php5 libgv-python libgv-ruby libgv-tcl libgraph4 libcgraph5 libcdt4 libpathplan4 libgvc5 libgvc5-plugins-gtk libgvpr1 libxdot4 libgraphviz-dev graphviz-doc graphviz-dev Architecture: source all amd64 Version: 2.26.3-14+deb7u2 Distribution: wheezy-security Urgency: high Maintainer: David Claughton <dave@eclecticdave.com> Changed-By: Thorsten Alteholz <debian@alteholz.de> Description: graphviz - rich set of graph drawing tools graphviz-dev - transitional package for graphviz-dev rename graphviz-doc - additional documentation for graphviz libcdt4 - rich set of graph drawing tools - cdt library libcgraph5 - rich set of graph drawing tools - cgraph library libgraph4 - rich set of graph drawing tools - graph library libgraphviz-dev - graphviz libs and headers against which to build applications libgv-guile - Guile bindings for graphviz libgv-lua - Lua bindings for graphviz libgv-perl - Perl bindings for graphviz libgv-php5 - PHP5 bindings for graphviz libgv-python - Python bindings for graphviz libgv-ruby - Ruby bindings for graphviz libgv-tcl - Tcl bindings for graphviz libgvc5 - rich set of graph drawing tools - gvc library libgvc5-plugins-gtk - rich set of graph drawing tools - gtk plugins libgvpr1 - rich set of graph drawing tools - gvpr library libpathplan4 - rich set of graph drawing tools - pathplan library libxdot4 - rich set of graph drawing tools - xdot library Closes: 772648 Changes: graphviz (2.26.3-14+deb7u2) wheezy-security; urgency=high . * Non-maintainer upload by the Security Team. * Add CVE-2014-9157.patch patch (Closes: #772648) Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string. Checksums-Sha1: dc4644d559e14d5c85e216fd39cf129413a1f5a0 3402 graphviz_2.26.3-14+deb7u2.dsc 04503ac5a9eaa579859f0d017811fa245717edec 17092429 graphviz_2.26.3.orig.tar.gz 86f59cc4b98eb9d4d51d22de679984ba77754dbc 54048 graphviz_2.26.3-14+deb7u2.debian.tar.gz 158daf728b49ef13e7ef5b5109aab9077f9206df 2579040 graphviz-doc_2.26.3-14+deb7u2_all.deb 4267a293ae932222393630473ca4277e6cb0036f 49342 graphviz-dev_2.26.3-14+deb7u2_all.deb 558a89b0076ae37e7ade66eb2ec03ebc7a5eef7a 378266 graphviz_2.26.3-14+deb7u2_amd64.deb 75b6d743b0fab265bef068f198030f648b990bf8 72690 libgv-guile_2.26.3-14+deb7u2_amd64.deb b8e56156c6fd33f96e5e0278c38aff7fd0bc3e7c 82450 libgv-lua_2.26.3-14+deb7u2_amd64.deb 73fdb21f3adaaca8bc5e7831c274c5c356fc50a7 94978 libgv-perl_2.26.3-14+deb7u2_amd64.deb d9d2d354a8f72d0966f459f17f36f67c2a539846 81228 libgv-php5_2.26.3-14+deb7u2_amd64.deb ba6d22f1578654c36ad3ebcf974a65955f35a14e 113962 libgv-python_2.26.3-14+deb7u2_amd64.deb e9ac9ba896e15be194848f8defb8cc989bc38ccd 76442 libgv-ruby_2.26.3-14+deb7u2_amd64.deb cb1b50470418faf4ed6fb5498b26c145005669be 668206 libgv-tcl_2.26.3-14+deb7u2_amd64.deb 477f2e25b4b4544b340902c9fc971674c9c3052e 73974 libgraph4_2.26.3-14+deb7u2_amd64.deb ee7b5729a5b7f3b6d4bc875383ab2c57830c09a1 88080 libcgraph5_2.26.3-14+deb7u2_amd64.deb 14e1591242a21bb5008e1d229018f7a4d84b62cf 60034 libcdt4_2.26.3-14+deb7u2_amd64.deb 0917a98b416c50b40580eeefca79e36e4e91c95d 65322 libpathplan4_2.26.3-14+deb7u2_amd64.deb b08f651f2800e860a83ae947a0399476825674bc 544450 libgvc5_2.26.3-14+deb7u2_amd64.deb fc3a41647e9a6ab45e796ca782724a8499cf7f97 62322 libgvc5-plugins-gtk_2.26.3-14+deb7u2_amd64.deb 814b3f4f90fe2cfc3cf14ee037e80d626a18ae52 244256 libgvpr1_2.26.3-14+deb7u2_amd64.deb 11500edecb0c1a3cf2403c96ed6b659fe999d10c 54426 libxdot4_2.26.3-14+deb7u2_amd64.deb 2478cb45836fb8391f6250259473780e3f9ba78b 104984 libgraphviz-dev_2.26.3-14+deb7u2_amd64.deb Checksums-Sha256: 62c7f290aa3594b0a605721d865855adc1353d80259dbf43ab468a06927d0fbd 3402 graphviz_2.26.3-14+deb7u2.dsc f410996e69b1095237c2128deae5fc7b6ce99055b095271abb14447bc2f37fa1 17092429 graphviz_2.26.3.orig.tar.gz 6c312bd85dccf91bc6e113011a380a62470e5ab265cac701f3ea4c9297f67b22 54048 graphviz_2.26.3-14+deb7u2.debian.tar.gz 45ffbbf17f704f81195cd36d2442085a3aeab8daf3d55d01bba2fbbb130b9ba0 2579040 graphviz-doc_2.26.3-14+deb7u2_all.deb b4e94ce73ffbe51334b7236c8564108514ab63d65f27259d95167484c4a08efa 49342 graphviz-dev_2.26.3-14+deb7u2_all.deb 24a91a45a8af406c0293917f0b2867af1e4bee5c6cfd5cca4f7981ccc81a4b88 378266 graphviz_2.26.3-14+deb7u2_amd64.deb c7a8fc59f5e76369d30622e8283c8f9c0630c2dc1b2d448078e4f3f2a2bfa20b 72690 libgv-guile_2.26.3-14+deb7u2_amd64.deb 628accd00741abe73731fbe0104ee82686d976758a755109172136db4afa2444 82450 libgv-lua_2.26.3-14+deb7u2_amd64.deb 9bc13249ccac001d65d0beb2130050b56e7778cfd3e382d8c553bff4a0c6946b 94978 libgv-perl_2.26.3-14+deb7u2_amd64.deb f258d6e8acf8e72c026e70b2ef025a7e5c68619180315d8263a36e79414fd3c5 81228 libgv-php5_2.26.3-14+deb7u2_amd64.deb 5e79c11d34af1c7b0ed293de7c1d77e7fdc54892ef89a7e6546a82701f241946 113962 libgv-python_2.26.3-14+deb7u2_amd64.deb 729a8275941380e7c0cf338335b3f451dabbe54a62dc47a2929923d6cff8ccbb 76442 libgv-ruby_2.26.3-14+deb7u2_amd64.deb 09132c7ff8431f6e3fe666f61ea7fc8acdcb0b87fad83c5aa221d5b4254d94c1 668206 libgv-tcl_2.26.3-14+deb7u2_amd64.deb fa128341536c86b4faab4eca7f0d6e315ea27b15f0cf4b309e3a463506b68ba4 73974 libgraph4_2.26.3-14+deb7u2_amd64.deb cfbc57fa3a2ff0353c2c4b6ddc6f79ab9f295c3f8fc9732ad3c547677f167062 88080 libcgraph5_2.26.3-14+deb7u2_amd64.deb a1ef9ddeebfd16c1d25519834d2ddf9a5f0bd483eaaed852070b54d88891ecee 60034 libcdt4_2.26.3-14+deb7u2_amd64.deb 7556e61c153e5d2b2b2111bdb0f5806e83abc975a358a6ee1e665dbe37e28f62 65322 libpathplan4_2.26.3-14+deb7u2_amd64.deb 06bc1ea952efa2114c01b1b6b672396df5d307d39e410c245c9a68b219ffbcef 544450 libgvc5_2.26.3-14+deb7u2_amd64.deb fad48bb7a5964c0b8bbbab05b94f16654fe7bacd12c6b70571b033662b003036 62322 libgvc5-plugins-gtk_2.26.3-14+deb7u2_amd64.deb a19aea1c322ca85de5287bbbeaf60c90cec01304d71411b0e1be596652f200c6 244256 libgvpr1_2.26.3-14+deb7u2_amd64.deb 09a6693324e9a4024ec306cbb44c466edfeed6def1c3f4971e64011b06a84713 54426 libxdot4_2.26.3-14+deb7u2_amd64.deb 3307c9c6f280511bf33041211b7c3c789097342a46dce944e7ce7edf98c16e62 104984 libgraphviz-dev_2.26.3-14+deb7u2_amd64.deb Files: a6678b238265b6fd5e02cd71f5bbffeb 3402 graphics optional graphviz_2.26.3-14+deb7u2.dsc 6f45946fa622770c45609778c0a982ee 17092429 graphics optional graphviz_2.26.3.orig.tar.gz 64a3501831e00a0bf19c3ad1db95ccce 54048 graphics optional graphviz_2.26.3-14+deb7u2.debian.tar.gz d42227ac695f0d8a82948d5036a4d155 2579040 doc optional graphviz-doc_2.26.3-14+deb7u2_all.deb 9eb264469f55b1ba1e5e10e33016d19a 49342 devel optional graphviz-dev_2.26.3-14+deb7u2_all.deb 1747c8ff6e29f23308ef51b9842a6931 378266 graphics optional graphviz_2.26.3-14+deb7u2_amd64.deb 4726b6e1e3dbd1a86b518cc0e8cd472d 72690 interpreters optional libgv-guile_2.26.3-14+deb7u2_amd64.deb 1c6569e3c32a64a535c63cce413d1d6f 82450 interpreters optional libgv-lua_2.26.3-14+deb7u2_amd64.deb c2d3e810693aa02637ff98b743eb8c44 94978 perl optional libgv-perl_2.26.3-14+deb7u2_amd64.deb 288218de8e3c78f705ef4b6641beb348 81228 php optional libgv-php5_2.26.3-14+deb7u2_amd64.deb 6bb064ef755fcbed7e6cb8ce4b14364a 113962 python optional libgv-python_2.26.3-14+deb7u2_amd64.deb 4af05a031a61c32d8a496a535e762bb0 76442 ruby optional libgv-ruby_2.26.3-14+deb7u2_amd64.deb a2e866afd27b6e03b0231c29123988a4 668206 interpreters optional libgv-tcl_2.26.3-14+deb7u2_amd64.deb e8ac3c5027cfc48203f14531a96cee57 73974 libs optional libgraph4_2.26.3-14+deb7u2_amd64.deb 361ea68066318b201ca78abacb2d47d8 88080 libs optional libcgraph5_2.26.3-14+deb7u2_amd64.deb db6cdc4d99e9be378a02ec7b5c246b41 60034 libs optional libcdt4_2.26.3-14+deb7u2_amd64.deb 3167007a3952b6065f06c1902a152b7d 65322 libs optional libpathplan4_2.26.3-14+deb7u2_amd64.deb f8762af5513c642ebc278953b72372fe 544450 libs optional libgvc5_2.26.3-14+deb7u2_amd64.deb 49181d1e6cc1b6eb15931e4942064080 62322 libs optional libgvc5-plugins-gtk_2.26.3-14+deb7u2_amd64.deb 90c71d3da8194069479cdc548d9149dc 244256 libs optional libgvpr1_2.26.3-14+deb7u2_amd64.deb df32523c4e79b7cba44cec5b9fd78bbb 54426 libs optional libxdot4_2.26.3-14+deb7u2_amd64.deb d03ef9c1724724a77b6b6cacd4042e9d 104984 libdevel optional libgraphviz-dev_2.26.3-14+deb7u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQJ8BAEBCgBmBQJUiJMdXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5 NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHU98P/0om8fKjwgmHWNbdQFcdDjky CxNAJXVpBWfe8JVTKWvKfUja7eR8ujSxq/+/0sGaH/6ASPVatMR26On1Did3KIjw 6gNAVehMVviOTmvcmtvvxHWQBtC93hv1l3TQ0PJ5cM1naFAWcQlbew89T5WM1Kp4 Gtfmt1I+kSD1AU18Sp4wCtMBp+LtIi6D9rqAr/xkKz7sJAqgLwKWB5aBdIiL1Kw3 oUqO5jZrM2mjaMKjTzKPt8OF2WhGSHkZFV1UhRC6Zr9OwtyBSD3qTDkISz8vYnGq 7zDJfe0Rr8GjoUbaQalilJ5CN+fCmW1R9PyOl9KWeRaLqS7yerK/UDeoN7bC4lCq JYj0CVu39iJ1JQFlH518H3lfd3lRjYRRtlnYmhKdrzP/LIvSNSMpeUAwsPhli5ZJ g/ZeR171ZCuDN272GES1KZefaTujeStaLkzxGtXKFGkqwMo90orEvZFYfowzDQCr s1eF581StogO5ZeAqhGKtAYy/R2WCfqo852yiCxYys04FPGGtl6MrvhCqCqNQniW d/IA3ir1uwtV4lzd8Ik3ohM+k6PhkEtycIiROiT4FHxtxFP6vOFzb5nRhbTGNFDR 61w4yiOEFILhBTDYCYip10lRqFhcpbEyIHDxstvnXROw+tDOO4b/Q1Vj4rmBzS9n s7AgXO1eJ+CVbTTaR+2u =ueIZ -----END PGP SIGNATURE-----