pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/multimedia/vlc07 Fix for CVE-2007-3316 format-string v...
details: https://anonhg.NetBSD.org/pkgsrc/rev/fcd89ea23d7e
branches: trunk
changeset: 530308:fcd89ea23d7e
user: lkundrak <lkundrak%pkgsrc.org@localhost>
date: Fri Jun 22 14:34:16 2007 +0000
description:
Fix for CVE-2007-3316 format-string vulnerabilities backported from 0.8.6c.
diffstat:
multimedia/vlc07/Makefile | 4 ++--
multimedia/vlc07/distinfo | 4 +++-
multimedia/vlc07/patches/patch-ag | 16 ++++++++++++++++
multimedia/vlc07/patches/patch-ah | 16 ++++++++++++++++
4 files changed, 37 insertions(+), 3 deletions(-)
diffs (69 lines):
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/Makefile
--- a/multimedia/vlc07/Makefile Fri Jun 22 14:32:24 2007 +0000
+++ b/multimedia/vlc07/Makefile Fri Jun 22 14:34:16 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2007/02/22 19:26:51 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2007/06/22 14:34:16 lkundrak Exp $
#
DISTNAME= vlc-${VLC_VER}
-PKGREVISION= 16
+PKGREVISION= 17
CATEGORIES= multimedia
MASTER_SITES= http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
EXTRACT_SUFX= .tar.bz2
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/distinfo
--- a/multimedia/vlc07/distinfo Fri Jun 22 14:32:24 2007 +0000
+++ b/multimedia/vlc07/distinfo Fri Jun 22 14:34:16 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2007/01/13 07:31:07 wiz Exp $
+$NetBSD: distinfo,v 1.3 2007/06/22 14:34:16 lkundrak Exp $
SHA1 (vlc-0.7.2.tar.bz2) = 938eaea128af02451fcbf0305c84ce290c9d8c21
RMD160 (vlc-0.7.2.tar.bz2) = 05e35e0b9080581cfbc730212fc756cb46bd3257
@@ -9,3 +9,5 @@
SHA1 (patch-ad) = e12945776db476e48ce005b6d68f9931ddcbe020
SHA1 (patch-ae) = 1dcc0466a362fcdf51fbce8869cd1a48d35d3909
SHA1 (patch-af) = ad79f35070495bbbe555bcc85bfa24b4bcbcb322
+SHA1 (patch-ag) = e71070ddfd8a06978d092e2e103308a52e101e13
+SHA1 (patch-ah) = 810c1341241d4fb800810c70c5eeb5ae5b5eb2dc
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/patches/patch-ag
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc07/patches/patch-ag Fri Jun 22 14:34:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.1 2007/06/22 14:34:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/vorbis.c.orig 2007-06-22 16:27:51.000000000 +0200
++++ modules/codec/vorbis.c
+@@ -496,7 +496,7 @@ static void ParseVorbisComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ }
+ free( psz_comment );
+ i++;
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/patches/patch-ah
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc07/patches/patch-ah Fri Jun 22 14:34:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ah,v 1.1 2007/06/22 14:34:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig 2004-04-28 22:02:41.000000000 +0200
++++ modules/codec/theora.c
+@@ -366,7 +366,7 @@ static void ParseTheoraComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ }
+ free( psz_comment );
+ i++;
Home |
Main Index |
Thread Index |
Old Index