Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 83686 - media-gfx/xv: filename handling issue
Summary: media-gfx/xv: filename handling issue
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B2 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2005-03-01 07:27 UTC by Tavis Ormandy (RETIRED)
Modified: 2006-03-23 19:34 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Tavis Ormandy (RETIRED) gentoo-dev 2005-03-01 07:27:57 UTC
<media-gfx/xv-3.10a-r10 have a problem handling malformed filenames.

$ cat files/xv-filename-format-string.diff 
--- xv.c        2005-03-01 15:20:50.153871368 +0000
+++ xv.c        2005-03-01 15:20:39.241530296 +0000
@@ -2249,7 +2249,7 @@
   SetISTR(ISTR_INFO,formatStr);
        
   SetInfoMode(INF_PART);
-  SetISTR(ISTR_FILENAME, 
+  SetISTR(ISTR_FILENAME, "%s",
          (filenum==DFLTPIC || filenum==GRABBED || frompipe)
          ? "<none>" : basefname);
 


Reproducible: Always
Steps to Reproduce:
1.
2.
3.
Comment 1 Thierry Carrez (RETIRED) gentoo-dev 2005-03-02 07:53:56 UTC
Arches, please test and marl xv-3.10a-r10 stable
Comment 2 Jan Brinkmann (RETIRED) gentoo-dev 2005-03-02 10:15:49 UTC
stable on amd64
Comment 3 Lina Pezzella (RETIRED) gentoo-dev 2005-03-02 10:41:11 UTC
Stable ppc-macos.
Comment 4 Ferris McCormick (RETIRED) gentoo-dev 2005-03-02 11:35:43 UTC
xv-3.10a-r10 builds and runs correctly on sparc so far as I can tell. So, stable for sparc.
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2005-03-02 11:56:42 UTC
stable on ppc64
Comment 6 Michael Hanselmann (hansmi) (RETIRED) gentoo-dev 2005-03-02 13:48:50 UTC
Stable on ppc.
Comment 7 Bryan Østergaard (RETIRED) gentoo-dev 2005-03-03 11:58:09 UTC
Alpha stable.
Comment 8 Thierry Carrez (RETIRED) gentoo-dev 2005-03-04 09:13:07 UTC
GLSA 200503-09
hppa mips ia64: please mark stable to benefit from GLSA
Comment 9 Hardave Riar (RETIRED) gentoo-dev 2005-03-13 17:47:05 UTC
Stable on mips.
Comment 10 René Nussbaumer (RETIRED) gentoo-dev 2005-05-16 08:36:07 UTC
stable on hppa