1From https://lists.debian.org/debian-qa-packages/2014/12/msg00048.html , which
2seems to come from Ubuntu.
3
4Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
5Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
6Author: Emden R. Gansner
7
8---
9 lib/cgraph/scan.l | 2 +-
10 1 file changed, 1 insertion(+), 1 deletion(-)
11
12Index: b/lib/cgraph/scan.l
13===================================================================
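--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -225,7 +225,7 @@
 agxbput (&xb, buf);
 agxbput (&xb, yytext);
 agxbput (&xb,"'\n");
- agerr(AGERR,agxbuse(&xb));
+ agerr(AGERR, "%s", agxbuse(&xb));
 agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */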
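Review bot: The corrected `agerr(AGERR, "%s", agxbuse(&xb));` call carries no comment explaining why the literal format is required. The buffer it prints includes `yytext`, which is copied from the input being scanned. I would add `/* xb contains yytext (untrusted input): never pass it as the format string */` directly above the call, so the `"%s"` is not later removed as redundant. agerr's declaration is not visible in this hunk, so it is worth confirming that it carries a printf-style format attribute, e.g. `__attribute__((format(printf, 2, 3)))` on GCC/Clang; with that, `-Wformat-security` would flag any other call site that passes a non-literal format. The enclosing function starts above the hunk, so the origin of `buf` cannot be checked from here.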