gnu: jasper: Patch CVE-2008-3522.
* gnu/packages/patches/jasper-CVE-2008-3522.patch: New file. * gnu/packages/image.scm (jasper)[source]: Use it. * gnu-system.am (dist_patch_DATA): Add it.
This commit is contained in:
parent
4e70fe4d0e
commit
f79a576e77
|
@ -535,6 +535,7 @@ dist_patch_DATA = \
|
|||
gnu/packages/patches/icu4c-CVE-2015-4760.patch \
|
||||
gnu/packages/patches/imagemagick-test-segv.patch \
|
||||
gnu/packages/patches/irrlicht-mesa-10.patch \
|
||||
gnu/packages/patches/jasper-CVE-2008-3522.patch \
|
||||
gnu/packages/patches/jbig2dec-ignore-testtest.patch \
|
||||
gnu/packages/patches/julia-0.3.10-fix-empty-array.patch \
|
||||
gnu/packages/patches/kmod-module-directory.patch \
|
||||
|
|
|
@ -714,7 +714,8 @@ convert, manipulate, filter and display a wide variety of image formats.")
|
|||
"/software/jasper-" version ".zip"))
|
||||
(sha256
|
||||
(base32
|
||||
"154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b"))))
|
||||
"154l7zk7yh3v8l2l6zm5s2alvd2fzkp6c9i18iajfbna5af5m43b"))
|
||||
(patches (list (search-patch "jasper-CVE-2008-3522.patch")))))
|
||||
(build-system gnu-build-system)
|
||||
(native-inputs
|
||||
`(("unzip" ,unzip)))
|
||||
|
|
|
@ -0,0 +1,14 @@
|
|||
Fix CVE-2008-3522 (buffer overflow in 'jas_stream_printf').
|
||||
Patch from <https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522>.
|
||||
|
||||
--- jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:56:01.000000000 +0200
|
||||
+++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2008-09-08 14:58:16.000000000 +0200
|
||||
@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre
|
||||
int ret;
|
||||
|
||||
va_start(ap, fmt);
|
||||
- ret = vsprintf(buf, fmt, ap);
|
||||
+ ret = vsnprintf(buf, sizeof buf, fmt, ap);
|
||||
jas_stream_puts(stream, buf);
|
||||
va_end(ap);
|
||||
return ret;
|
Loading…
Reference in New Issue