graphviz: fix CVE-2023-46045 - linux/meta-openembedded.git - Mirror of git.openembedded.org/meta-openembedded

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2024-07-29 10:48:56 +0000
committer	Armin Kuster <akuster808@gmail.com>	2024-08-03 11:58:41 -0400
commit	ec85533ee538c0a91bf8fb219d134c4fca123def (patch)
tree	55f19215d95f4d0871ea184c066f8175942d3265 /meta-python/recipes-devtools/python/python3-pydantic-core/0001-Bumps-pyo3-https-github.com-pyo3-pyo3-from-0.20.2-to.patch
parent	ae5d6c81fa5f4fd89e4d0a6327740da654dc5a80 (diff)
download	meta-openembedded-ec85533ee538c0a91bf8fb219d134c4fca123def.tar.gz

graphviz: fix CVE-2023-46045

Graphviz 2.36 before 10.0.0 has an out-of-bounds read via a crafted config6a file. NOTE: exploitability may be uncommon because this file is typically owned by root. CVE-2023-46045-0003.patch is the CVE fix and CVE-2023-46045-0001.patch, CVE-2023-46045-0002.patch are dependent commits to fix the CVE. Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-46045 Upstream patches: https://gitlab.com/graphviz/graphviz/-/commit/361f274ca901c3c476697a6404662d95f4dd43cb https://gitlab.com/graphviz/graphviz/-/commit/3f31704cafd7da3e86bb2861accf5e90c973e62a https://gitlab.com/graphviz/graphviz/-/commit/a95f977f5d809915ec4b14836d2b5b7f5e74881e Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>

Diffstat (limited to 'meta-python/recipes-devtools/python/python3-pydantic-core/0001-Bumps-pyo3-https-github.com-pyo3-pyo3-from-0.20.2-to.patch')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: