[v3.1] graphviz: format string vulnerability (CVE-2014-9157)
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string.
•MLIST:[oss-security] 20141125 CVE Request: Graphviz format string vuln
•URL: http://seclists.org/oss-sec/2014/q4/784
•MLIST:[oss-security] 20141201 Re: Re: CVE Request: Graphviz format string vuln
•URL: http://seclists.org/oss-sec/2014/q4/872
•CONFIRM: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
•BID:71283
•URL: http://www.securityfocus.com/bid/71283
•SECUNIA:60166
•URL: http://secunia.com/advisories/60166
•XF:graphviz-format-sting(98949)
•URL: http://xforce.iss.net/xforce/xfdb/98949
(from redmine: issue id 3756, created on 2015-01-27, closed on 2017-05-17)
- Relations:
- parent #3752
- Changesets:
- Revision a83bc79e by Natanael Copa on 2015-01-27T12:09:15Z:
main/graphviz: security fix for CVE-2014-9157
ref #3752
fixes #3756
(cherry picked from commit 8c89f11b647949f06fbef635e60814476280caa9)
Conflicts:
main/graphviz/APKBUILD