Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf'). Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>. --- jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:56:01.000000000 +0200 +++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:58:16.000000000 +0200 @@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre int ret; va_start(ap, fmt); - ret = vsprintf(buf, fmt, ap); + ret = vsnprintf(buf, sizeof buf, fmt, ap); jas_stream_puts(stream, buf); va_end(ap); return ret;