Merge branch 'master' into core-updates

author: Ludovic Courtès <ludo@gnu.org> 2016-06-07 11:54:03 +0200
committer: Ludovic Courtès <ludo@gnu.org> 2016-06-07 11:54:03 +0200
commit: aeafff536f933b07836b14d089dfc52b0e432ec9 (patch)
tree: 4ede554999f98cf9e19c04098c934db52efae795 /gnu/packages/patches/wordnet-CVE-2008-2149.patch
parent: 9dee9e8ffe4650949bd3ad2edf559cf4a33e9e6e (diff)
parent: f82c58539e1f7b9b864e68ea2ab0c6a17c15fbb5 (diff)
1 files changed, 19 insertions, 0 deletions
diff --git a/gnu/packages/patches/wordnet-CVE-2008-2149.patch b/gnu/packages/patches/wordnet-CVE-2008-2149.patch
new file mode 100644
index 0000000000..9828efa4bc
--- /dev/null
+++ b/gnu/packages/patches/wordnet-CVE-2008-2149.patch
@@ -0,0 +1,19 @@
+Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
+format string
+Closes: #481186 (CVE-2008-2149)
+Please note: The WordNet code contains several other occurences of potentially
+exploitable functions like strcpy()/strcat()/...  and so even if there are no
+known exploits the code needs a full security audit.
+
+--- a/src/wn.c
++++ b/src/wn.c
+@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
+ 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
+ 					    whichsense, optptr->label);
+ 	    } else {
+-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
++		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
++		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
+ 		display_message(tmpbuf);
+ 		errcount++;
+ 	    }
author	Ludovic Courtès <ludo@gnu.org>	2016-06-07 11:54:03 +0200
committer	Ludovic Courtès <ludo@gnu.org>	2016-06-07 11:54:03 +0200
commit	aeafff536f933b07836b14d089dfc52b0e432ec9 (patch)
tree	4ede554999f98cf9e19c04098c934db52efae795 /gnu/packages/patches/wordnet-CVE-2008-2149.patch
parent	9dee9e8ffe4650949bd3ad2edf559cf4a33e9e6e (diff)
parent	f82c58539e1f7b9b864e68ea2ab0c6a17c15fbb5 (diff)