Source: gnuplot
Version: 5.0.5+dfsg1-6
Severity: important
Tags: patch security upstream
Forwarded: https://sourceforge.net/p/gnuplot/bugs/1933/

Hi,

the following vulnerability was published for gnuplot.

CVE-2017-9670[0]:
| An uninitialized stack variable vulnerability in load_tic_series() in
| set.c in gnuplot 5.2.rc1 allows an attacker to cause Denial of Service
| (Segmentation fault and Memory Corruption) or possibly have unspecified
| other impact when a victim opens a specially crafted file.

AFAICT, it has been introduced with [2], as per [3], and fixed in [4].
Please double check and adjust the affected versions in the BTS as
needed if I got it actually wrong and older versions are affected.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-9670
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9670
[1] https://sourceforge.net/p/gnuplot/bugs/1933/
[2] https://github.com/gnuplot/gnuplot/commit/cd4b777389379598740fc02decff772b0e7bcbd6
[3] https://bugzilla.novell.com/show_bug.cgi?id=1044638#c5
[4] https://github.com/gnuplot/gnuplot/commit/4e39b1d7b274c7d4a69cbaba85ff321264f4457e

Regards,
Salvatore

--
debian-science-maintainers mailing list
debian-science-maintainers@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/debian-science-maintainers