From https://lists.debian.org/debian-qa-packages/2014/12/msg00048.html , which
seems to come from Ubuntu.
Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Author: Emden R. Gansner
---
lib/cgraph/scan.l | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Index: b/lib/cgraph/scan.l
===================================================================
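--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -225,7 +225,7 @@
 agxbput (&xb, buf);
 agxbput (&xb, yytext);
 agxbput (&xb,"'\n");
- agerr(AGERR,agxbuse(&xb));
+ agerr(AGERR, "%s", agxbuse(&xb));
 agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */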
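Review bot: The corrected call `agerr(AGERR, "%s", agxbuse(&xb));` has no comment explaining why the literal format is required, even though the buffer it prints was just filled from `yytext`, which is text taken from the scanned input. I would add `/* xb holds yytext (input-controlled): pass it as an argument, never as the format */` directly above the call so a later cleanup does not fold the `"%s"` away again. Other agerr() call sites are not visible here and may pass a built string as the format in the same way; if agerr's prototype is printf-style, giving it a printf format attribute and building with `-Wformat-security` should flag them, which is worth confirming. The enclosing function (yyerror, per the patch subject) begins above this hunk.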