Your message dated Mon, 08 Apr 2019 17:03:50 +0000
with message-id <[email protected]>
and subject line Bug#898841: fixed in graphviz 2.40.1-6
has caused the Debian Bug report #898841,
regarding graphviz: CVE-2018-10196
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
898841: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898841
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: graphviz
Version: 2.40.1-3
Severity: normal
Tags: security upstream
Forwarded: https://gitlab.com/graphviz/graphviz/issues/1367

Hi,

The following vulnerability was published for graphviz.

CVE-2018-10196[0]:
null derefence in rebuild_vlist

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-10196
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10196
[1] https://gitlab.com/graphviz/graphviz/issues/1367

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

--- End Message ---
--- Begin Message ---
Source: graphviz
Source-Version: 2.40.1-6

We believe that the bug you reported is fixed in the latest version of
graphviz, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Laszlo Boszormenyi (GCS) <[email protected]> (supplier of updated graphviz 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 08 Apr 2019 15:51:00 +0000
Source: graphviz
Architecture: source
Version: 2.40.1-6
Distribution: unstable
Urgency: high
Maintainer: Laszlo Boszormenyi (GCS) <[email protected]>
Changed-By: Laszlo Boszormenyi (GCS) <[email protected]>
Closes: 898841
Changes:
 graphviz (2.40.1-6) unstable; urgency=high
 .
   * Fix CVE-2018-10196: NULL pointer dereference in rebuild_vlists()
     (closes: #898841).
Checksums-Sha1:
 1aac20d2b28277713e3aa0ea758cd3df70c325fa 3213 graphviz_2.40.1-6.dsc
 960b9406878f548ef3edd90c62ca9ba58654eae9 51348 graphviz_2.40.1-6.debian.tar.xz
 a405f3c198418012c1b393d9689b5eb5d3df6258 24546 
graphviz_2.40.1-6_amd64.buildinfo
Checksums-Sha256:
 5566f1b10d9646447102a13f7d5d04763702e2b32fa4e27f4542caf77708a93b 3213 
graphviz_2.40.1-6.dsc
 34055a47c6a672fdf60475b58e37264ea431bd008f939f74c8094a0c84ea9b0b 51348 
graphviz_2.40.1-6.debian.tar.xz
 c8b050e714d34d6b5a73d311ed3eaeeb8a7c4731c3bb740a01e4521d67f437ae 24546 
graphviz_2.40.1-6_amd64.buildinfo
Files:
 13c4bc358166e605962047dd6148d8aa 3213 graphics optional graphviz_2.40.1-6.dsc
 782d8082bdfb24dc9b1380ba5c1d6229 51348 graphics optional 
graphviz_2.40.1-6.debian.tar.xz
 da3464690a24361ddd075d7f3f9f852c 24546 graphics optional 
graphviz_2.40.1-6_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfYh9yLp7u6e4NeO63OMQ54ZMyL8FAlyre2cACgkQ3OMQ54ZM
yL+dCg/+LZjsiSDQ4JXub7N1Zd80lKEqglhFLyb3FVSD1V6ufRxbjHtTHTeHjj4c
VhNE1J/9S1dkCxYC+49pVSVVCzl1Jsvvre2ToQLQ8Vxta+zvLDrfXUQeNFQa5o8u
25SdYN6KQfQzPbr8yFkAvow2Mqi+Q7brBCtXpRTbi2+tSoC+4QUOTfQNfUsfbPFS
L6Y55ciPWKGYyvtNWJvccKMSuZh56TtVRqfTp5z44YS7JgNjzPhao0fP/GX0xoQ0
aUrbXe47pq/2foqRjxC7AMyA6Ogruv3QnnwMFXFwhFAOaFoZpfCxGYBJiv/G/L96
bAGrrnJGaAhu7vEJ6Y448xiqlSHkBoC9D61rM6FHSyZgCWKHvBDJMXtHKVS4Po8P
zvWT22L6bysLIdRpmzYzAJBeCgeBb3aKBRqJYRlQr3SXP8mpi13vHzcAmqNPYl5e
4chbj0yIagj+P6DGH1SHXZAksiG2pUWE6Co322TajtN/7vqztkfkNMPu4RoaqbKb
8CTbrZJ64GpvukWELxeCPNc0JEDHCmM5QEopHSxeOQBVtjOtESRqx3wPMnWZS1Hu
0SkUAwcpFAZmfNip3rT9wLsIhC3Zs12TljWrCGz5Cgjj3MKSyCW/bFTYM6WqEanN
RbcpO7j7C01M9ktEIsQBEdBI3LDGH2lQMQGN959E9dh8XxCFRXM=
=ILqI
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to