From 05f386f103bbd0145ac2fcf8b920bb27f1b518a4 Mon Sep 17 00:00:00 2001
From: Efraim Flashner <efraim@flashner.co.il>
Date: Wed, 10 Jul 2019 11:58:47 +0300
Subject: gnu: plib: Fix CVE-2011-4620, CVE-2012-4552.

* gnu/packages/game-development.scm (plib)[patches]: Add patches.
* gnu/packages/patches/plib-CVE-2011-4620.patch,
gnu/packages/patches/plib-CVE-2012-4552.patch: New files.
* gnu/local.mk (dist_patch_DATA): Register them.
---
 gnu/packages/patches/plib-CVE-2011-4620.patch | 13 +++++++++++++
 1 file changed, 13 insertions(+)
 create mode 100644 gnu/packages/patches/plib-CVE-2011-4620.patch

(limited to 'gnu/packages/patches/plib-CVE-2011-4620.patch')

diff --git a/gnu/packages/patches/plib-CVE-2011-4620.patch b/gnu/packages/patches/plib-CVE-2011-4620.patch
new file mode 100644
index 0000000000..c5a03bd0ca
--- /dev/null
+++ b/gnu/packages/patches/plib-CVE-2011-4620.patch
@@ -0,0 +1,13 @@
+https://sources.debian.org/data/main/p/plib/1.8.5-8/debian/patches/04_CVE-2011-4620.diff
+
+--- a/src/util/ulError.cxx
++++ b/src/util/ulError.cxx
+@@ -39,7 +39,7 @@
+ {
+   va_list argp;
+   va_start ( argp, fmt ) ;
+-  vsprintf ( _ulErrorBuffer, fmt, argp ) ;
++  vsnprintf ( _ulErrorBuffer, sizeof(_ulErrorBuffer), fmt, argp ) ;
+   va_end ( argp ) ;
+  
+   if ( _ulErrorCB )
-- 
cgit 1.4.1