aboutsummaryrefslogtreecommitdiffstats
path: root/print
diff options
context:
space:
mode:
authordinoex <dinoex@FreeBSD.org>2015-11-17 02:38:56 +0800
committerdinoex <dinoex@FreeBSD.org>2015-11-17 02:38:56 +0800
commit0bc38fb8a52d36532fc56a36943b41586d5b1d2a (patch)
treefbf2979cee86170e692147b193cc3c3704954d03 /print
parent8f22f2528a06c8e5e8f50188c9e8993fca9bea62 (diff)
downloadfreebsd-ports-gnome-0bc38fb8a52d36532fc56a36943b41586d5b1d2a.tar.gz
freebsd-ports-gnome-0bc38fb8a52d36532fc56a36943b41586d5b1d2a.tar.zst
freebsd-ports-gnome-0bc38fb8a52d36532fc56a36943b41586d5b1d2a.zip
- fix for malicious crafted a2ps prologue files
Security: CVE-2015-8107 Security: http://www.openwall.com/lists/oss-security/2015/11/16/4 Submitted by: feld Obtained from: http://www.openwall.com/
Diffstat (limited to 'print')
-rw-r--r--print/a2ps/files/patch-output.c13
1 files changed, 13 insertions, 0 deletions
diff --git a/print/a2ps/files/patch-output.c b/print/a2ps/files/patch-output.c
new file mode 100644
index 000000000000..691d2d15dc5d
--- /dev/null
+++ b/print/a2ps/files/patch-output.c
@@ -0,0 +1,13 @@
+Fix for CVE-2015-8107
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+--- lib/output.c.orig 2015-11-16 15:29:38 UTC
++++ lib/output.c
+@@ -525,7 +525,7 @@ output_file (struct output * out, a2ps_j
+ expand_user_string (job, FIRST_FILE (job),
+ (const uchar *) "Expand: requirement",
+ (const uchar *) token));
+- output (dest, expansion);
++ output (dest, "%s", expansion);
+ continue;
+ }
+