diff options
| author | Ludovic Courtès <ludo@gnu.org> | 2015-12-12 11:42:12 +0100 |
|---|---|---|
| committer | Ludovic Courtès <ludo@gnu.org> | 2015-12-12 11:48:46 +0100 |
| commit | e82e55e58c67b0215e768c4612ca542bc670f633 (patch) | |
| tree | 856c4512fa1fbde59c1d9845c5a763ef8c4a14b4 /gnu/packages/patches/jasper-CVE-2008-3522.patch | |
| parent | 98bd851ee891ca4a84e061fe1e78ba78c292b096 (diff) | |
| parent | e35dff973375266db253747140ddf25084ecddc2 (diff) | |
| download | guix-patches-e82e55e58c67b0215e768c4612ca542bc670f633.tar guix-patches-e82e55e58c67b0215e768c4612ca542bc670f633.tar.gz | |
Merge branch 'master' into core-updates
Diffstat (limited to 'gnu/packages/patches/jasper-CVE-2008-3522.patch')
| -rw-r--r-- | gnu/packages/patches/jasper-CVE-2008-3522.patch | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/patches/jasper-CVE-2008-3522.patch b/gnu/packages/patches/jasper-CVE-2008-3522.patch new file mode 100644 index 0000000000..10cfec99a5 --- /dev/null +++ b/gnu/packages/patches/jasper-CVE-2008-3522.patch @@ -0,0 +1,14 @@ +Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf'). +Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>. + +--- jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:56:01.000000000 +0200 ++++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:58:16.000000000 +0200 +@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre + int ret; + + va_start(ap, fmt); +- ret = vsprintf(buf, fmt, ap); ++ ret = vsnprintf(buf, sizeof buf, fmt, ap); + jas_stream_puts(stream, buf); + va_end(ap); + return ret; |