$NetBSD: patch-al,v 1.1 2007/06/22 14:13:16 lkundrak Exp $

Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.

--- modules/codec/vorbis.c.orig	2007-06-22 16:03:12.000000000 +0200
+++ modules/codec/vorbis.c
@@ -614,7 +614,7 @@ static void ParseVorbisComments( decoder
             *psz_value = '\0';
             psz_value++;
             input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
-                           psz_name, psz_value );
+                           psz_name, "%s", psz_value );
             if( strcasestr( psz_name, "artist" ) )
             {
                 vlc_input_item_AddInfo( p_input->input.p_item,