head	1.2;
access;
symbols
	pkgsrc-2013Q2:1.2.0.16
	pkgsrc-2013Q2-base:1.2
	pkgsrc-2012Q4:1.2.0.14
	pkgsrc-2012Q4-base:1.2
	pkgsrc-2011Q4:1.2.0.12
	pkgsrc-2011Q4-base:1.2
	pkgsrc-2011Q2:1.2.0.10
	pkgsrc-2011Q2-base:1.2
	pkgsrc-2009Q4:1.2.0.8
	pkgsrc-2009Q4-base:1.2
	pkgsrc-2008Q4:1.2.0.6
	pkgsrc-2008Q4-base:1.2
	pkgsrc-2008Q3:1.2.0.4
	pkgsrc-2008Q3-base:1.2
	cube-native-xorg:1.2.0.2
	cube-native-xorg-base:1.2
	pkgsrc-2008Q2:1.1.0.12
	pkgsrc-2008Q2-base:1.1
	cwrapper:1.1.0.10
	pkgsrc-2008Q1:1.1.0.8
	pkgsrc-2008Q1-base:1.1
	pkgsrc-2007Q4:1.1.0.6
	pkgsrc-2007Q4-base:1.1
	pkgsrc-2007Q3:1.1.0.4
	pkgsrc-2007Q3-base:1.1
	pkgsrc-2007Q2:1.1.0.2
	pkgsrc-2007Q2-base:1.1;
locks; strict;
comment	@# @;


1.2
date	2008.09.08.19.20.26;	author ahoka;	state dead;
branches;
next	1.1;

1.1
date	2007.06.22.14.34.16;	author lkundrak;	state Exp;
branches;
next	;


desc
@@


1.2
log
@This package is long obsolete and as vlc has been updated to 0.9
and we have vlc08 there is no need to keep two legacy versions.
@
text
@$NetBSD: patch-ag,v 1.1 2007/06/22 14:34:16 lkundrak Exp $

Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.

--- modules/codec/vorbis.c.orig	2007-06-22 16:27:51.000000000 +0200
+++ modules/codec/vorbis.c
@@@@ -496,7 +496,7 @@@@ static void ParseVorbisComments( decoder
             *psz_value = '\0';
             psz_value++;
             input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
-                           psz_name, psz_value );
+                           psz_name, "%s", psz_value );
         }
         free( psz_comment );
         i++;
@


1.1
log
@Fix for CVE-2007-3316 format-string vulnerabilities backported from 0.8.6c.
@
text
@d1 1
a1 1
$NetBSD$
@