Thanks for the report. We're aware of the issue, but ranked it "low" due to
the stack protector code that has existed since Edgy in Ubuntu, and that it's a
user-assisted bug (requiring a malicious dot file), etc. I would be happy to
sponsor updates, though:
https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures
** Visibility changed to: Public
** Also affects: graphviz (Ubuntu Dapper)
Importance: Undecided
Status: New
** Also affects: graphviz (Ubuntu Hardy)
Importance: Undecided
Status: New
** Also affects: graphviz (Ubuntu Intrepid)
Importance: Undecided
Status: New
** Changed in: graphviz (Ubuntu)
Status: New => Invalid
** Changed in: graphviz (Ubuntu Dapper)
Status: New => Triaged
** Changed in: graphviz (Ubuntu Dapper)
Importance: Undecided => Low
** Changed in: graphviz (Ubuntu Hardy)
Status: New => Triaged
** Changed in: graphviz (Ubuntu Hardy)
Importance: Undecided => Low
** Changed in: graphviz (Ubuntu Intrepid)
Status: New => Triaged
** Changed in: graphviz (Ubuntu Intrepid)
Importance: Undecided => Low
--
Hardy's graphviz may be vulnerable to CVE-2008-4555
https://bugs.launchpad.net/bugs/532060
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
