22564022 problem in UTILITY/A2PS
authorSujan Srinivasa <sujan.srinivasa@oracle.com>
Thu, 14 Jul 2016 23:05:42 -0700
changeset 6416 99d76bb5892c
parent 6415 fcacd5753a06
child 6418 2a0fae99277a
22564022 problem in UTILITY/A2PS
components/a2ps/patches/22564022.patch
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/a2ps/patches/22564022.patch	Thu Jul 14 23:05:42 2016 -0700
@@ -0,0 +1,16 @@
+This patch has been taken from community and it addresses format string vulnerability in a2ps component.
+
+Patch source:
+http://www.openwall.com/lists/oss-security/2015/11/16/4
+
+--- a2ps-4.14/lib/output.c	Fri Dec 28 17:58:21 2007
++++ a2ps-4.14_copy/lib/output.c	Wed May 18 23:11:57 2016
[email protected]@ -525,7 +525,7 @@
+ 		     expand_user_string (job, FIRST_FILE (job),
+ 					 (const uchar *) "Expand: requirement",
+ 					 (const uchar *) token));
+-	output (dest, expansion);
++	output (dest, "%s", expansion);
+ 	continue;
+       }
+