authorNatanael Copa <ncopa@alpinelinux.org>2015-01-27 11:07:52 +0000
committerNatanael Copa <ncopa@alpinelinux.org>2015-01-27 11:07:52 +0000
commit8c89f11b647949f06fbef635e60814476280caa9 (patch)
treebe5fb78c1610b58bdc4bff3317c23e25da3a6e3c /main/graphviz/CVE-2014-9157.patch
parent65306a18e2d26e3724f00b5856166a87ebf4439e (diff)
main/graphviz: security fix for CVE-2014-9157
ref #3752
Diffstat (limited to 'main/graphviz/CVE-2014-9157.patch')
-rw-r--r--main/graphviz/CVE-2014-9157.patch21
1 files changed, 21 insertions, 0 deletions
diff --git a/main/graphviz/CVE-2014-9157.patch b/main/graphviz/CVE-2014-9157.patch
new file mode 100644
index 0000000000..25f7b3f406
--- /dev/null
+++ b/main/graphviz/CVE-2014-9157.patch
@@ -0,0 +1,21 @@
+https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
+
+--- ./lib/cgraph/scan.l.orig
++++ ./lib/cgraph/scan.l
+@@ -209,6 +209,7 @@
+ <hstring>([^><\n]*) addstr(yytext);
+ . return (yytext[0]);
+ %%
++
+ void yyerror(char *str)
+ {
+ unsigned char xbuf[BUFSIZ];
+@@ -225,7 +226,7 @@
+ agxbput (&xb, buf);
+ agxbput (&xb, yytext);
+ agxbput (&xb,"'\n");
+- agerr(AGERR,agxbuse(&xb));
++ agerr(AGERR, "%s", agxbuse(&xb));
+ agxbfree(&xb);
+ }
+ /* must be here to see flex's macro defns */
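Review bot: The header of the new patch file carries only the upstream commit URL, so someone auditing the aports tree cannot see what is being fixed without following the link. A one-line description above the `---` line would help, for example `Fix format string flaw in yyerror(): the message built from yytext was passed to agerr() as the format argument.` The first inner hunk (`@@ -209,6 +209,7 @@`) only inserts a blank line after `%%`; it could be dropped so the backport carries just the `agerr(AGERR, "%s", agxbuse(&xb));` change and is less likely to reject on a later version bump. Other agerr() call sites are outside this hunk, so it may be worth checking whether any of them also pass a non-literal string as the format.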