diff options
Diffstat (limited to 'main/graphviz/CVE-2014-9157.patch')
| -rw-r--r-- | main/graphviz/CVE-2014-9157.patch | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/main/graphviz/CVE-2014-9157.patch b/main/graphviz/CVE-2014-9157.patch new file mode 100644 index 0000000000..25f7b3f406 --- /dev/null +++ b/main/graphviz/CVE-2014-9157.patch @@ -0,0 +1,21 @@ +https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081 + +--- ./lib/cgraph/scan.l.orig ++++ ./lib/cgraph/scan.l +@@ -209,6 +209,7 @@ + <hstring>([^><\n]*) addstr(yytext); + . return (yytext[0]); + %% ++ + void yyerror(char *str) + { + unsigned char xbuf[BUFSIZ]; +@@ -225,7 +226,7 @@ + agxbput (&xb, buf); + agxbput (&xb, yytext); + agxbput (&xb,"'\n"); +- agerr(AGERR,agxbuse(&xb)); ++ agerr(AGERR, "%s", agxbuse(&xb)); + agxbfree(&xb); + } + /* must be here to see flex's macro defns */ |