guix-play/gnu/packages/patches/netpbm-CVE-2017-2586.patch
Tobias Geerinckx-Rice 2a18b57222
gnu: netpbm: Fix CVE-2017-258[67].
* gnu/packages/netpbm.scm (netpbm)[source]: Add patches.
* gnu/packages/patches/netpbm-CVE-2017-2586.patch,
gnu/packages/patches/netpbm-CVE-2017-2587.patch: New files.
* gnu/local.mk: Fix missing copyright year.
(dist_patch_DATA): Add them.
2019-02-28 22:35:41 +01:00

22 lines
768 B
Diff

From: Tobias Geerinckx-Rice <me@tobias.gr>
Date: Thu, 28 Feb 2019 20:29:00 +0100
Subject: [PATCH] netpbm: Fix CVE-2017-2586.
Copied verbatim from Debian[0].
[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2586.patch
---
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
--- old/converter/other/svgtopam.c 2017-02-08 12:11:02.593690917 +0100
+++ new/converter/other/svgtopam.c 2017-02-08 12:13:05.192846469 +0100
@@ -676,7 +676,7 @@ stringToUint(const char * const string
/* TODO: move this to nstring.c */
- if (strlen(string) == 0)
+ if (string == NULL || strlen(string) == 0)
pm_asprintf(errorP, "Value is a null string");
else {
char * tailptr;