MDVSA-2015:187: graphviz

Updated graphviz packages fix security vulnerability:

Format string vulnerability in the yyerror function in
lib/cgraph/scan.l in Graphviz allows remote attackers to have
unspecified impact via format string specifiers in unknown vector,
which are not properly handled in an error string (CVE-2014-9157).

Additionally the gtkglarea2 and gtkglext packages were missing and
was required for graphviz to build, these packages are also being
provided with this advisory.

Leave a Reply