From 5a61f34f2e731059b67daa59d0d398688a477cfb Mon Sep 17 00:00:00 2001
From: Martin Weinelt <hexa@darmstadt.ccc.de>
Date: Sun, 15 Jan 2023 22:01:01 +0100
Subject: radare2: Fix ANSI Escape Sequence Injection vulns via DWARF

Fixes: CVE-2023-0302
---
 pkgs/development/tools/analysis/radare2/default.nix | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'pkgs/development/tools/analysis/radare2/default.nix')

diff --git a/pkgs/development/tools/analysis/radare2/default.nix b/pkgs/development/tools/analysis/radare2/default.nix
index 94165d992d8..e02ce86d8ef 100644
--- a/pkgs/development/tools/analysis/radare2/default.nix
+++ b/pkgs/development/tools/analysis/radare2/default.nix
@@ -63,6 +63,11 @@ stdenv.mkDerivation rec {
       url = "https://github.com/radareorg/radare2/commit/842f809d4ec6a12af2906f948657281c9ebc8a24.patch";
       sha256 = "sha256-asEXW9Ox48w9WQhOA9tleXIvynIjsWb6ItKmFTojgbQ=";
     })
+    (fetchpatch {
+      name = "CVE-2023-0302.patch";
+      url = "https://github.com/radareorg/radare2/commit/961f0e723903011d4f54c2396e44efa91fcc74ce.patch";
+      hash = "sha256-QinRQDIY4p3P+M3Hh9w3Dv3N/2XTaf3N0nUluHPpAvg=";
+    })
   ];
 
   preBuild = ''
-- 
cgit 1.4.1