authorTBK <tbk@jjtc.eu>2020-02-24 21:15:36 +0100
committerLeo <thinkabit.ukim@gmail.com>2020-02-24 17:29:37 -0300
commitff0ba778a6651a6d66c94171e62dd4644c239039 (patch)
tree1f7a224334d7f3544be1b764a6cdf24e87a16623 /main/cvs/cvs-1.12.12-format-security.patch
parent90e64b894c1cd230b23b58685d08c4d4334c68e8 (diff)
main/cvs: security upgrade to 1.12.12
Most distros use 1.12.13 (https://repology.org/project/cvs/versions) but according to Gentoo it is usable, so following Gentoo (https://bugs.gentoo.org/124733) 1.12.12 is the way forward. CVEs: * CVE-2010-3846 - https://bugzilla.redhat.com/show_bug.cgi?id=642146 * CVE-2012-0804 - https://security-tracker.debian.org/tracker/CVE-2012-0804 * CVE-2017-12836 - https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=871810#10
Diffstat (limited to 'main/cvs/cvs-1.12.12-format-security.patch')
-rw-r--r--main/cvs/cvs-1.12.12-format-security.patch22
1 files changed, 22 insertions, 0 deletions
diff --git a/main/cvs/cvs-1.12.12-format-security.patch b/main/cvs/cvs-1.12.12-format-security.patch
new file mode 100644
index 0000000000..d710a90207
--- /dev/null
+++ b/main/cvs/cvs-1.12.12-format-security.patch
@@ -0,0 +1,22 @@
+--- a/diff/diff3.c
++++ b/diff/diff3.c
+@@ -1503,7 +1503,7 @@
+ line = 0;
+ do
+ {
+- printf_output (line_prefix);
++ printf_output ("%s", line_prefix);
+ cp = D_RELNUM (ptr, realfile, line);
+ length = D_RELLEN (ptr, realfile, line);
+ write_output (cp, length);
+--- a/src/main.c
++++ b/src/main.c
+@@ -1375,7 +1375,7 @@
+ {
+ (void) fprintf (stderr, *cpp++, program_name, cvs_cmd_name);
+ for (; *cpp; cpp++)
+- (void) fprintf (stderr, *cpp);
++ (void) fprintf (stderr, "%s", *cpp);
+ exit (EXIT_FAILURE);
+ }
+
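Review bot: In the src/main.c part of the added patch, the context line `(void) fprintf (stderr, *cpp++, program_name, cvs_cmd_name);` still passes a table entry as the format string, so the fix is only complete if that table is a compile-time constant whose first entry has exactly two `%s` conversions; the table and the enclosing function lie outside the hunk, so this cannot be confirmed here. The remaining entries were previously parsed as format strings, so any `%%` in them would now print literally under `"%s"`, which is worth checking before shipping; the same applies to `line_prefix` in diff/diff3.c. `fputs (*cpp, stderr);` would express the intent more directly than `fprintf (stderr, "%s", *cpp);`. The patch file also carries no header, and a short comment stating its purpose (building with format-security checks) and its origin would help whoever has to rebase it later.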