path: root/pkgs/tools/graphics/graphviz/cve-2014-9157.patch
blob: 66ce496ca74886eab1e440dceae0ab4c2dd1722a
From https://lists.debian.org/debian-qa-packages/2014/12/msg00048.html , which
seems to come from Ubuntu.

Subject: Fix format string vulnerability (CVE-2014-9157) in yyerror() routine
Origin: https://github.com/ellson/graphviz/commit/99eda421f7ddc27b14e4ac1d2126e5fe41719081
Author: Emden R. Gansner

---
 lib/cgraph/scan.l |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Index: b/lib/cgraph/scan.l
===================================================================
--- a/lib/cgraph/scan.l
+++ b/lib/cgraph/scan.l
@@ -225,7 +225,7 @@
 	agxbput (&xb, buf);
 	agxbput (&xb, yytext);
 	agxbput (&xb,"'\n");
-	agerr(AGERR,agxbuse(&xb));
+	agerr(AGERR, "%s", agxbuse(&xb));
 	agxbfree(&xb);
 }
 /* must be here to see flex's macro defns */
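
Review bot: Only the single agerr() call at the end of this error routine is changed, so any other call site that passes a built-up buffer as the format argument would still be exposed; the buffer here is assembled from buf and yytext, which is scanner input, and the same construction elsewhere would have the same problem. The `"%s"` form on the `+` line is the right shape for the fix. I would pair it with a check of the remaining agerr() callers for non-literal format arguments, and with a printf-style format attribute on the agerr() declaration plus -Wformat-security in the build, so the compiler flags this pattern if it reappears. A one-line comment above the call saying why the literal format is needed would also keep it from being simplified back later.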