summaryrefslogtreecommitdiff
path: root/multimedia/vlc07/patches/patch-ah
diff options
context:
space:
mode:
Diffstat (limited to 'multimedia/vlc07/patches/patch-ah')
-rw-r--r--multimedia/vlc07/patches/patch-ah16
1 files changed, 16 insertions, 0 deletions
diff --git a/multimedia/vlc07/patches/patch-ah b/multimedia/vlc07/patches/patch-ah
new file mode 100644
index 00000000000..82846d53c81
--- /dev/null
+++ b/multimedia/vlc07/patches/patch-ah
@@ -0,0 +1,16 @@
+$NetBSD: patch-ah,v 1.1 2007/06/22 14:34:17 lkundrak Exp $
+
+Fix for CVE-2007-3316 format-string vulnerability in Theora module described
+by VideoLAN-SA-0702 advisory. Backported from 0.8.6c.
+
+--- modules/codec/theora.c.orig 2004-04-28 22:02:41.000000000 +0200
++++ modules/codec/theora.c
+@@ -366,7 +366,7 @@ static void ParseTheoraComments( decoder
+ *psz_value = '\0';
+ psz_value++;
+ input_Control( p_input, INPUT_ADD_INFO, _("Theora comment"),
+- psz_name, psz_value );
++ psz_name, "%s", psz_value );
+ }
+ free( psz_comment );
+ i++;