From c1dbd3a8709f143fa72b2f893a069ca5f1afe7ac Mon Sep 17 00:00:00 2001 From: Efraim Flashner Date: Mon, 30 May 2016 20:11:39 +0300 Subject: gnu: wordnet: Fix CVE-2008-2149, CVE-2008-3908. * gnu/packages/wordnet.scm (wordnet)[source]: Add patches. * gnu/packages/patches/wordnet-CVE-2008-2149.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt1.patch, gnu/packages/patches/wordnet-CVE-2008-3908-pt2.patch: New variables. * gnu/local.mk (dist_patch_DATA): Add them. --- gnu/packages/patches/wordnet-CVE-2008-2149.patch | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 gnu/packages/patches/wordnet-CVE-2008-2149.patch (limited to 'gnu/packages/patches/wordnet-CVE-2008-2149.patch') diff --git a/gnu/packages/patches/wordnet-CVE-2008-2149.patch b/gnu/packages/patches/wordnet-CVE-2008-2149.patch new file mode 100644 index 0000000000..9828efa4bc --- /dev/null +++ b/gnu/packages/patches/wordnet-CVE-2008-2149.patch @@ -0,0 +1,19 @@ +Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf +format string +Closes: #481186 (CVE-2008-2149) +Please note: The WordNet code contains several other occurences of potentially +exploitable functions like strcpy()/strcat()/... and so even if there are no +known exploits the code needs a full security audit. + +--- a/src/wn.c ++++ b/src/wn.c +@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[]) + outsenses += do_search(av[1], optptr->pos, optptr->search, + whichsense, optptr->label); + } else { +- sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]); ++ /* Fix CVE-2008-2149: buffer overflows Andreas Tille */ ++ sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]); + display_message(tmpbuf); + errcount++; + } -- cgit v1.2.3