Bug 908426 - (CVE-2014-9157) VUL-0: CVE-2014-9157: graphviz: format string vulnerability
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 42.2
Priority: P3 - Medium
Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/111144/
Reported: 2014-12-04 19:59 UTC by Alexander Bergmann
Modified: 2017-12-06 02:09 UTC
Found By: Security Response Team
Comment 1 Swamp Workflow Management 2014-12-04 23:00:23 UTC
bugbot adjusting priority
Comment 2 Philipp Thomas 2014-12-05 07:53:22 UTC
Only 13.2 and factory need to be fixed as all other distributions use older versions that don't have the bug.
Comment 3 Johannes Segitz 2015-04-08 11:27:23 UTC
(In reply to Philipp Thomas from comment #2)
Can you provide a submit please?
Comment 6 Philipp Thomas 2017-11-27 14:30:44 UTC
Submitted for 42.2 with sr#546041
Submitted for 42.3 with sr#546039
Comment 7 Andreas Stieger 2017-11-27 18:01:09 UTC
(In reply to Philipp Thomas from comment #6)
> Submitted for 42.3 with sr#546039

Does not build for Leap 42.3.
Comment 8 Andreas Stieger 2017-11-27 18:01:57 UTC
Security bugs to remain open until closed by security team
Comment 9 Andreas Stieger 2017-11-27 18:05:01 UTC
fixed that for you...
https://build.opensuse.org/request/show/546099
Comment 10 Andreas Stieger 2017-12-05 20:56:21 UTC
releasing, done
Comment 11 Swamp Workflow Management 2017-12-06 02:09:33 UTC
openSUSE-SU-2017:3222-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 908426
CVE References: CVE-2014-9157
Sources used:
openSUSE Leap 42.3 (src):    graphviz-2.38.0-9.1, graphviz-gvedit-2.38.0-9.1, graphviz-plugins-2.38.0-9.3, graphviz-smyrna-2.38.0-9.1
openSUSE Leap 42.2 (src):    graphviz-2.38.0-4.5.1, graphviz-gvedit-2.38.0-4.5.1, graphviz-plugins-2.38.0-4.5.3, graphviz-smyrna-2.38.0-4.5.1