Updated CVE-2019-11023 patch
Related: CVE-2019-11023
This commit is contained in:
parent
90c4f35ee2
commit
82b70a026d
@ -62,3 +62,16 @@ index 7b8214b..0910d99 100644
|
|||||||
}
|
}
|
||||||
popString(&ud->elements);
|
popString(&ud->elements);
|
||||||
Current_class = TAG_GRAPH;
|
Current_class = TAG_GRAPH;
|
||||||
|
diff --git a/lib/cgraph/obj.c b/lib/cgraph/obj.c
|
||||||
|
index 7b1c8c1..709774e 100644
|
||||||
|
--- a/lib/cgraph/obj.c
|
||||||
|
+++ b/lib/cgraph/obj.c
|
||||||
|
@@ -168,6 +168,8 @@ void agdelcb(Agraph_t * g, void *obj, Agcbstack_t * cbstack)
|
||||||
|
|
||||||
|
Agraph_t *agroot(void* obj)
|
||||||
|
{
|
||||||
|
+ // fixes CVE-2019-11023 by moving the problem to the caller :-)
|
||||||
|
+ if (obj == 0) return NILgraph;
|
||||||
|
switch (AGTYPE(obj)) {
|
||||||
|
case AGINEDGE:
|
||||||
|
case AGOUTEDGE:
|
||||||
|
@ -61,7 +61,7 @@
|
|||||||
Name: graphviz
|
Name: graphviz
|
||||||
Summary: Graph Visualization Tools
|
Summary: Graph Visualization Tools
|
||||||
Version: 2.40.1
|
Version: 2.40.1
|
||||||
Release: 38%{?dist}
|
Release: 39%{?dist}
|
||||||
License: EPL
|
License: EPL
|
||||||
URL: http://www.graphviz.org/
|
URL: http://www.graphviz.org/
|
||||||
# A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371
|
# A bit hacking needed due to: https://gitlab.com/graphviz/graphviz/issues/1371
|
||||||
@ -604,6 +604,10 @@ php --no-php-ini \
|
|||||||
%{_mandir}/man3/*.3tcl*
|
%{_mandir}/man3/*.3tcl*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-39
|
||||||
|
- Updated CVE-2019-11023 patch
|
||||||
|
Related: CVE-2019-11023
|
||||||
|
|
||||||
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-38
|
* Wed Apr 24 2019 Jaroslav Škarvada <jskarvad@redhat.com> - 2.40.1-38
|
||||||
- Fixed null pointer dereference in function agroot()
|
- Fixed null pointer dereference in function agroot()
|
||||||
Resolves: CVE-2019-11023
|
Resolves: CVE-2019-11023
|
||||||
|
Loading…
Reference in New Issue
Block a user