jcgruenhage/void-packages
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity
void-packages/srcpkgs/graphviz/patches/CVE-2014-9157.patch
Christian Neukirchen e3c55dd053 graphviz: fix CVE-2014-9157, enable lefty, reduce package size by 45MB. 
Patches from Debian.
2016-03-05 16:59:28 +01:00

22 lines
646 B
Diff
Raw Blame History

Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Bug-Debian: https://bugs.debian.org/772648
Forwarded: no
Author: Emden R. Gansner
Last-Update: 2014-12-10
---
lib/cgraph/scan.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- lib/cgraph/scan.l
+++ lib/cgraph/scan.l
@@ -225,7 +225,7 @@ void yyerror(char *str)
agxbput (&xb, buf);
agxbput (&xb, yytext);
agxbput (&xb,"'\n");
- agerr(AGERR,agxbuse(&xb));
+ agerr(AGERR, "%s", agxbuse(&xb));
agxbfree(&xb);
}
/* must be here to see flex's macro defns */
Reference in a new issue View git blame Copy permalink