diff options
author | Ludovic Courtès <ludo@gnu.org> | 2015-11-28 16:29:11 +0100 |
---|---|---|
committer | Ludovic Courtès <ludo@gnu.org> | 2015-11-28 16:29:11 +0100 |
commit | f79a576e776eb299af52d60cdd51f4a4f79beee3 (patch) | |
tree | 7c1f919f568d555d7c74905178594bf1c5379dde /gnu/packages/patches | |
parent | 4e70fe4d0efbb29d47e3d83d36d6c15f92baebb0 (diff) | |
download | gnu-guix-f79a576e776eb299af52d60cdd51f4a4f79beee3.tar gnu-guix-f79a576e776eb299af52d60cdd51f4a4f79beee3.tar.gz |
gnu: jasper: Patch CVE-2008-3522.
* gnu/packages/patches/jasper-CVE-2008-3522.patch: New file.
* gnu/packages/image.scm (jasper)[source]: Use it.
* gnu-system.am (dist_patch_DATA): Add it.
Diffstat (limited to 'gnu/packages/patches')
-rw-r--r-- | gnu/packages/patches/jasper-CVE-2008-3522.patch | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/gnu/packages/patches/jasper-CVE-2008-3522.patch b/gnu/packages/patches/jasper-CVE-2008-3522.patch new file mode 100644 index 0000000000..10cfec99a5 --- /dev/null +++ b/gnu/packages/patches/jasper-CVE-2008-3522.patch @@ -0,0 +1,14 @@ +Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf'). +Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>. + +--- jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:56:01.000000000 +0200 ++++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:58:16.000000000 +0200 +@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre + int ret; + + va_start(ap, fmt); +- ret = vsprintf(buf, fmt, ap); ++ ret = vsnprintf(buf, sizeof buf, fmt, ap); + jas_stream_puts(stream, buf); + va_end(ap); + return ret; |