← Back to branch summary

~ubuntu-branches/ubuntu/hardy/vlc/hardy

« back to all changes in this revision

Viewing changes to modules/codec/vorbis.c

  • Committer: Bazaar Package Importer
  • Author(s): Daniel T Chen
  • Date: 2007-06-25 01:53:37 UTC
  • mfrom: (1.1.12 upstream)
  • Revision ID: james.westby@ubuntu.com-20070625015337-9jqzr0atij6hzxnp
Tags: 0.8.6.release.c-0ubuntu1
https://launchpad.net/bugs/121511
* SECURITY UPDATE: Format string injection in multiple plugins could
  lead to arbitrary code execution and/or DoS.
* New upstream security and bugfix release, 0.8.6c (LP: #121511).
* References
  CVE-2007-0256
  CVE-2007-3316
* debian/patches/: Remove 020_flac.diff and 030_CVE-2007-0017.diff
  (subsumed by new upstream release).
* debian/vlc-nox.install: Add libtelx_plugin.so (fixes FTBFS).

Show diffs side-by-side

added added

removed removed

Lines of Context:
modules/codec/vorbis.c
2
2
 * vorbis.c: vorbis decoder/encoder/packetizer module making use of libvorbis.
3
3
 *****************************************************************************
4
4
 * Copyright (C) 2001-2003 the VideoLAN team
5
 
 * $Id: vorbis.c 17236 2006-10-21 19:11:38Z hartman $
 
5
 * $Id: vorbis.c 20449 2007-06-07 17:31:10Z courmisch $
6
6
 *
7
7
 * Authors: Gildas Bazin <gbazin@videolan.org>
8
8
 *
623
623
            *psz_value = '\0';
624
624
            psz_value++;
625
625
            input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
626
 
                           psz_name, psz_value );
 
626
                           psz_name, "%s", psz_value );
627
627
            if( strcasestr( psz_name, "artist" ) )
628
628
            {
629
629
                vlc_input_item_AddInfo( p_input->input.p_item,