Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug
Bug#: 83686
Alias:
Product:
Component:
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: Tavis Ormandy (RETIRED) <taviso@gentoo.org>
Add CC:
CC:
URL:
Summary:
Status Whiteboard:
Keywords:
Flags: Requestee:
 
 
  ()

Filename Description Type Creator Created Size Actions
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 83686 depends on: Show dependency tree
Bug 83686 blocks:

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2005-03-01 07:27 0000 
<media-gfx/xv-3.10a-r10 have a problem handling malformed filenames.

$ cat files/xv-filename-format-string.diff 
--- xv.c        2005-03-01 15:20:50.153871368 +0000
+++ xv.c        2005-03-01 15:20:39.241530296 +0000
@@ -2249,7 +2249,7 @@
   SetISTR(ISTR_INFO,formatStr);
        
   SetInfoMode(INF_PART);
-  SetISTR(ISTR_FILENAME, 
+  SetISTR(ISTR_FILENAME, "%s",
          (filenum==DFLTPIC || filenum==GRABBED || frompipe)
          ? "<none>" : basefname);
 


Reproducible: Always
Steps to Reproduce:
1.
2.
3.

------- Comment #1 From Thierry Carrez (RETIRED) 2005-03-02 07:53:56 0000 ------- 
Arches, please test and marl xv-3.10a-r10 stable

------- Comment #2 From Jan Brinkmann (RETIRED) 2005-03-02 10:15:49 0000 ------- 
stable on amd64

------- Comment #3 From Lina Pezzella (RETIRED) 2005-03-02 10:41:11 0000 ------- 
Stable ppc-macos.

------- Comment #4 From Ferris McCormick 2005-03-02 11:35:43 0000 ------- 
xv-3.10a-r10 builds and runs correctly on sparc so far as I can tell. So,
stable for sparc.

------- Comment #5 From Markus Rothe 2005-03-02 11:56:42 0000 ------- 
stable on ppc64

------- Comment #6 From Michael Hanselmann (hansmi) (RETIRED) 2005-03-02 13:48:50 0000 ------- 
Stable on ppc.

------- Comment #7 From Bryan Østergaard (RETIRED) 2005-03-03 11:58:09 0000 ------- 
Alpha stable.

------- Comment #8 From Thierry Carrez (RETIRED) 2005-03-04 09:13:07 0000 ------- 
GLSA 200503-09
hppa mips ia64: please mark stable to benefit from GLSA

------- Comment #9 From Hardave Riar (RETIRED) 2005-03-13 17:47:05 0000 ------- 
Stable on mips.

------- Comment #10 From René Nussbaumer 2005-05-16 08:36:07 0000 ------- 
stable on hppa
Bug List: (This bug is not in your last search results)   Show last search results      Search page      Enter new bug