pkgsrc-Changes-HG archive


[pkgsrc/trunk]: pkgsrc/multimedia/vlc07 Fix for CVE-2007-3316 format-string v...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/fcd89ea23d7e
branches:  trunk
changeset: 530308:fcd89ea23d7e
user:      lkundrak <lkundrak%pkgsrc.org@localhost>
date:      Fri Jun 22 14:34:16 2007 +0000

description:
Fix for CVE-2007-3316 format-string vulnerabilities backported from 0.8.6c.

diffstat:

 multimedia/vlc07/Makefile         |   4 ++--
 multimedia/vlc07/distinfo         |   4 +++-
 multimedia/vlc07/patches/patch-ag |  16 ++++++++++++++++
 multimedia/vlc07/patches/patch-ah |  16 ++++++++++++++++
 4 files changed, 37 insertions(+), 3 deletions(-)

diffs (69 lines):

diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/Makefile
--- a/multimedia/vlc07/Makefile Fri Jun 22 14:32:24 2007 +0000
+++ b/multimedia/vlc07/Makefile Fri Jun 22 14:34:16 2007 +0000
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.8 2007/02/22 19:26:51 wiz Exp $
+# $NetBSD: Makefile,v 1.9 2007/06/22 14:34:16 lkundrak Exp $
 #
 
 DISTNAME=              vlc-${VLC_VER}
-PKGREVISION=           16
+PKGREVISION=           17
 CATEGORIES=            multimedia
 MASTER_SITES=          http://download.videolan.org/pub/videolan/vlc/${VLC_VER}/
 EXTRACT_SUFX=          .tar.bz2
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/distinfo
--- a/multimedia/vlc07/distinfo Fri Jun 22 14:32:24 2007 +0000
+++ b/multimedia/vlc07/distinfo Fri Jun 22 14:34:16 2007 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.2 2007/01/13 07:31:07 wiz Exp $
+$NetBSD: distinfo,v 1.3 2007/06/22 14:34:16 lkundrak Exp $
 
 SHA1 (vlc-0.7.2.tar.bz2) = 938eaea128af02451fcbf0305c84ce290c9d8c21
 RMD160 (vlc-0.7.2.tar.bz2) = 05e35e0b9080581cfbc730212fc756cb46bd3257
@@ -9,3 +9,5 @@
 SHA1 (patch-ad) = e12945776db476e48ce005b6d68f9931ddcbe020
 SHA1 (patch-ae) = 1dcc0466a362fcdf51fbce8869cd1a48d35d3909
 SHA1 (patch-af) = ad79f35070495bbbe555bcc85bfa24b4bcbcb322
+SHA1 (patch-ag) = e71070ddfd8a06978d092e2e103308a52e101e13
+SHA1 (patch-ah) = 810c1341241d4fb800810c70c5eeb5ae5b5eb2dc
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/patches/patch-ag
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc07/patches/patch-ag Fri Jun 22 14:34:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ag,v 1.1 2007/06/22 14:34:16 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/codec/vorbis.c.orig        2007-06-22 16:27:51.000000000 +0200
++++ modules/codec/vorbis.c
+@@ -496,7 +496,7 @@ static void ParseVorbisComments( decoder
+             *psz_value = '\0';
+             psz_value++;
+             input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
+-                           psz_name, psz_value );
++                           psz_name, "%s", psz_value );
+         }
+         free( psz_comment );
+         i++;
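Review bot: Only the Vorbis call site here and the Theora one in patch-ah are covered by this backport, while CVE-2007-3316 as published also names the CDDA/CDDB and SAP plugins, and nothing in the commit says whether 0.7.2 is unaffected there. The defect being fixed is that the argument after `psz_name` in `input_Control( p_input, INPUT_ADD_INFO, ... )` is used as a printf-style format, so any other call in the 0.7.2 tree that passes stream- or network-derived text in that position has the same problem. It would help to search the sources for `INPUT_ADD_INFO` calls whose format argument is not a string literal and record the outcome in the patch header, for example `Other INPUT_ADD_INFO callers (CDDA, SAP) reviewed; see patch-XX / not present in 0.7.2.` with the placeholder filled in. ParseVorbisComments starts and ends outside the hunk, so how `psz_name` is derived is not visible; it appears to come from the same comment string but is passed in the name position rather than as a format.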
diff -r 69e1a68e8806 -r fcd89ea23d7e multimedia/vlc07/patches/patch-ah
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/multimedia/vlc07/patches/patch-ah Fri Jun 22 14:34:16 2007 +0000
@@ -0,0 +1,16 @@
+$NetBSD: patch-ah,v 1.1 2007/06/22 14:34:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig        2004-04-28 22:02:41.000000000 +0200
++++ modules/codec/theora.c
+@@ -366,7 +366,7 @@ static void ParseTheoraComments( decoder
+             *psz_value = '\0';
+             psz_value++;
+             input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+-                           psz_name, psz_value );
++                           psz_name, "%s", psz_value );
+         }
+         free( psz_comment );
+         i++;


