rpms
/
graphviz
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated CVE-2019-11023 patch 

Related: CVE-2019-11023
This commit is contained in:
Jaroslav Škarvada 2019-04-24 16:11:11 +02:00
parent 90c4f35ee2
commit 82b70a026d
2 changed files with 18 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
graphviz-2.40.1-CVE-2019-11023.patch
View File

@ -62,3 +62,16 @@ index 7b8214b..0910d99 100644
}
popString(&ud->elements);
Current_class = TAG_GRAPH;
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
index 7b1c8c1..709774e 100644
--- a/lib/cgraph/obj.c
+++ b/lib/cgraph/obj.c
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
Agraph_t *agroot(void* obj)
{
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
+ if (obj == 0) return NILgraph;
switch (AGTYPE(obj)) {
case AGINEDGE:
case AGOUTEDGE:

6
graphviz.spec
View File

@ -61,7 +61,7 @@
Name: graphviz
Summary: Graph Visualization Tools
Version: 2.40.1
Release: 38%{?dist}
Release: 39%{?dist}
License: EPL
URL: http://www.graphviz.org/
# A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371
@ -604,6 +604,10 @@ php --no-php-ini \
%{_mandir}/man3/*.3tcl*
%changelog
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-39
- Updated CVE-2019-11023 patch
Related: CVE-2019-11023
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-38
- Fixed null pointer dereference in function agroot()
Resolves: CVE-2019-11023