diff options
Diffstat (limited to 'gnu/packages/patches/wordnet-CVE-2008-2149.patch')
| -rw-r--r-- | gnu/packages/patches/wordnet-CVE-2008-2149.patch | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/wordnet-CVE-2008-2149.patch b/gnu/packages/patches/wordnet-CVE-2008-2149.patch new file mode 100644 index 0000000000..9828efa4bc --- /dev/null +++ b/gnu/packages/patches/wordnet-CVE-2008-2149.patch @@ -0,0 +1,19 @@ +Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf +format string +Closes: #481186 (CVE-2008-2149) +Please note: The WordNet code contains several other occurences of potentially +exploitable functions like strcpy()/strcat()/... and so even if there are no +known exploits the code needs a full security audit. + +--- a/src/wn.c ++++ b/src/wn.c +@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[]) + outsenses += do_search(av[1], optptr->pos, optptr->search, + whichsense, optptr->label); + } else { +- sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]); ++ /* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */ ++ sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]); + display_message(tmpbuf); + errcount++; + } |