Hardy's graphviz may be vulnerable to CVE-2008-4555
I found this vulnerability report:
http://
and the version of graphviz in Hardy looks like it could be vulnerable (the Gentoo report seems to assume it is). I looked here for reported bugs against the graphviz package:
https:/
and found none I could associate with the vulnerability. I also looked at the change log:
http://
and it doesn't seem to be a previously addressed issue either.
I have a developer that wants to install graphviz on a java app server (for an auto-build environment) we have running Ubuntu 8.04 LTS Server, so I was wondering if the package was going to be upgraded to version 2.20.3 for 8.04, or if patched would be backported to version 2.16, or if something else.
We can compile and install graphviz, but I would like to know if Ubuntu is addressing this issue already (and I just don't know where to look), or if there is something I need to do to start the process (this looked like a good place to start). Thank you for your consideration,
Troy Johnson
Question information
- Language:
- English Edit question
- Status:
- Answered
- For:
- Ubuntu graphviz Edit question
- Assignee:
- No assignee Edit question
- Last query:
- Last reply:
Can you help with this problem?
Provide an answer of your own, or ask TroyJohnson for more information if necessary.