2a18b57222
* gnu/packages/netpbm.scm (netpbm)[source]: Add patches. * gnu/packages/patches/netpbm-CVE-2017-2586.patch, gnu/packages/patches/netpbm-CVE-2017-2587.patch: New files. * gnu/local.mk: Fix missing copyright year. (dist_patch_DATA): Add them.
22 lines
768 B
Diff
22 lines
768 B
Diff
From: Tobias Geerinckx-Rice <me@tobias.gr>
|
|
Date: Thu, 28 Feb 2019 20:29:00 +0100
|
|
Subject: [PATCH] netpbm: Fix CVE-2017-2586.
|
|
|
|
Copied verbatim from Debian[0].
|
|
|
|
[0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2586.patch
|
|
|
|
---
|
|
diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c
|
|
--- old/converter/other/svgtopam.c 2017-02-08 12:11:02.593690917 +0100
|
|
+++ new/converter/other/svgtopam.c 2017-02-08 12:13:05.192846469 +0100
|
|
@@ -676,7 +676,7 @@ stringToUint(const char * const string
|
|
|
|
/* TODO: move this to nstring.c */
|
|
|
|
- if (strlen(string) == 0)
|
|
+ if (string == NULL || strlen(string) == 0)
|
|
pm_asprintf(errorP, "Value is a null string");
|
|
else {
|
|
char * tailptr;
|