From fd1461879c63c608617d30524183a71370a7451c Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 30 May 2016 21:45:00 +0300 Subject: gnu: mcrypt: Fix CVE-2012-4409, CVE-2012-4426, CVE-2012-4527. * gnu/packages/mcrypt.scm (mcrypt)[source]: Add patches. * gnu/packages/patches/mcrypt-CVE-2012-4409.patch, gnu/packages/patches/mcrypt-CVE-2012-4426.patch, gnu/packages/patches/mcrypt-CVE-2012-4527.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/packages/patches/mcrypt-CVE-2012-4426.patch | 36 +++++++++++++++++++++++++ 1 file changed, 36 insertions(+) create mode 100644 gnu/packages/patches/mcrypt-CVE-2012-4426.patch (limited to 'gnu/packages/patches/mcrypt-CVE-2012-4426.patch') diff --git a/gnu/packages/patches/mcrypt-CVE-2012-4426.patch b/gnu/packages/patches/mcrypt-CVE-2012-4426.patch new file mode 100644 index 0000000000..61c197b0c9 --- /dev/null +++ b/gnu/packages/patches/mcrypt-CVE-2012-4426.patch @@ -0,0 +1,36 @@ +diff --git a/mcrypt-CVE-2012-4426.patch b/mcrypt-CVE-2012-4426.patch +new file mode 100644 +index 0000000..747f428 +--- mcrypt-2.6.8/src/errors.c ++++ mcrypt-2.6.8/src/errors.c +@@ -25,24 +25,24 @@ + + void err_quit(char *errmsg) + { +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + exit(-1); + } + + void err_warn(char *errmsg) + { + if (quiet <= 1) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_info(char *errmsg) + { + if (quiet == 0) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + + void err_crit(char *errmsg) + { + if (quiet <= 2) +- fprintf(stderr, errmsg); ++ fprintf(stderr, "%s", errmsg); + } + +--- -- cgit 1.4.1