| Field | Value |
|---|---|
| Summary | media-sound/vorbis-tools fails to compile with format-security |
| Product | Gentoo Linux |
| Component | Current packages |
| Status | RESOLVED FIXED |
| Severity | normal |
| Priority | Normal |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Reporter | Agostino Sarubbo <ago> |
| Assignee | Gentoo Sound Team <sound> |
| CC | unlord |
| Whiteboard | |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | |
| Bug Blocks | 259417 |
| Attachments | vorbis-tools-1.4.0:20140822-125848.log, vorbis-tools-1.4.0-r2.ebuild, 1.4.0-fix-format-security-error.patch |

Description
Agostino Sarubbo
2014-08-22 15:20:15 UTC
Created attachment 383390
vorbis-tools-1.4.0:20140822-125848.log
build log
Created attachment 386210
vorbis-tools-1.4.0-r2.ebuild
Created attachment 386212
1.4.0-fix-format-security-error.patch
+*vorbis-tools-1.4.0-r2 (08 Oct 2014) + + 08 Oct 2014; Tony Vroon <chainsaw@gentoo.org> +vorbis-tools-1.4.0-r2.ebuild, + +files/vorbis-tools-1.4.0-format-security.patch: + Patch by "unlord" from xiph.org to address a format security issue, closes + bug #520580 by Agostino "ago" Sarubbo. Thank you very much :) This has been fixed upstream: r19227 | unlord | 2014-10-08 14:32:45 -0400 (Wed, 08 Oct 2014) ogg123: fix a format security issue in status.c, reported by downstream https://bugs.gentoo.org/520580 --- ogg123/status.c (revision 19226) +++ ogg123/status.c (revision 19227) @@ -148,7 +148,7 @@ switch (stats->type) { case stat_noarg: - len += sprintf(str+len, stats->formatstr); + len += sprintf(str+len, "%s", stats->formatstr); break; case stat_intarg: len += sprintf(str+len, stats->formatstr, stats->arg.intarg); |
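
Review bot: in the `stat_noarg` case, passing `stats->formatstr` through `"%s"` stops it being parsed as a format, so any `%%` escape in a no-argument status string would now be printed as two characters instead of one; confirm that no `stat_noarg` entry contains one. The `stat_intarg` case in the trailing context still uses `stats->formatstr` as the format itself, which `-Wformat-security` does not flag because an argument follows, but it relies on every such string carrying exactly one integer conversion. Both calls also use `sprintf` into `str+len` with no bound visible in these lines; `snprintf` with the remaining buffer size would make the limit explicit.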