Fedora has issued an advisory on November 27:
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145217.html

Patched packages uploaded for Mageia 4 and Cauldron.

Advisory:
========================

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vector, which are not properly handled in an error string (CVE-2014-9157).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9157
https://lists.fedoraproject.org/pipermail/package-announce/2014-December/145217.html
========================

Updated packages in core/updates_testing:
========================
graphviz-2.34.0-6.1.mga4
graphviz-doc-2.34.0-6.1.mga4
libcdt5-2.34.0-6.1.mga4
libcgraph6-2.34.0-6.1.mga4
libgvc6-2.34.0-6.1.mga4
libgvpr2-2.34.0-6.1.mga4
libpathplan4-2.34.0-6.1.mga4
libxdot4-2.34.0-6.1.mga4
lua-graphviz-2.34.0-6.1.mga4
php-graphviz-2.34.0-6.1.mga4
python-graphviz-2.34.0-6.1.mga4
ruby-graphviz-2.34.0-6.1.mga4
perl-graphviz-2.34.0-6.1.mga4
tcl-graphviz-2.34.0-6.1.mga4
java-graphviz-2.34.0-6.1.mga4
ocaml-graphviz-2.34.0-6.1.mga4
libgraphviz-devel-2.34.0-6.1.mga4

from graphviz-2.34.0-6.1.mga4.src.rpm
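The bug class named in the advisory, an error message that contains input text being used as the format argument of a printf-style error function, shown beside the constant-format fix. This is an added example, not Graphviz's code or the Mageia patch; `err_printf`, `build_msg`, `yyerror_vulnerable`, `yyerror_fixed` and the sample token are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_error[256];   /* last formatted message, kept for inspection */

/* Hypothetical printf-style error sink (not Graphviz's API). Declaring such a
 * function with GCC/Clang's format(printf, 1, 2) attribute lets
 * -Wformat-security flag the vulnerable call below at compile time. */
static int err_printf(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(last_error, sizeof last_error, fmt, ap);
    va_end(ap);
    return n;
}

/* Assemble the message as a lexer error handler would: fixed text plus input. */
static void build_msg(char *buf, size_t len, const char *msg, int line, const char *token)
{
    snprintf(buf, len, "%s in line %d near '%s'", msg, line, token);
}

/* VULNERABLE pattern: the assembled string, which carries text from the input
 * file, becomes the format. Never called here: behaviour would be undefined. */
void yyerror_vulnerable(const char *msg, int line, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, msg, line, token);
    err_printf(buf);               /* input reaches the format parameter */
}

/* HARDENED pattern: constant format string, message passed as data only. */
const char *yyerror_fixed(const char *msg, int line, const char *token)
{
    char buf[200];
    build_msg(buf, sizeof buf, msg, line, token);
    err_printf("%s", buf);         /* specifiers in buf are printed literally */
    return last_error;
}

int main(void)
{
    /* Constructed sample token containing conversion specifiers. */
    puts(yyerror_fixed("syntax error", 3, "%s%n"));
    return 0;
}
```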
Testing procedure: https://bugs.mageia.org/show_bug.cgi?id=12239#c8
Whiteboard: (none) => has_procedure
Works fine on a Mageia 4 x86-64 VBox VM.
CC: (none) => shlomif
Whiteboard: has_procedure => has_procedure MGA4-64-OK
Testing procedure works fine on MGA4-32-OK. Ship it.
Whiteboard: has_procedure MGA4-64-OK => has_procedure MGA4-64-OK MGA4-32-OK
Thanks Shlomi. Validating. Advisory uploaded. Please push to updates. Thanks.
Keywords: (none) => validated_update
Whiteboard: has_procedure MGA4-64-OK MGA4-32-OK => has_procedure advisory MGA4-64-OK MGA4-32-OK
CC: (none) => sysadmin-bugs
An update for this issue has been pushed to Mageia Updates repository.
http://advisories.mageia.org/MGASA-2014-0520.html
Status: NEW => RESOLVED
Resolution: (none) => FIXED