Package: gnuplot / 5.0.5+dfsg1-6+deb9u1

20_CVE-2017-9670.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
Description: Fix memory corruption vulnerability. CVE-2017-9670
Author: Ethan Merritt
Bug-Debian: https://bugs.debian.org/864901
Origin: https://sourceforge.net/p/gnuplot/bugs/_discuss/thread/44ec637c/af0f/attachment/uninitialized_variables_%28Bug1933%29.patch
Bug: https://sourceforge.net/p/gnuplot/bugs/1933/
Reviewed-By: Anton Gladky <gladk@debian.org>
Last-Update: 2017-06-16

--- gnuplot-5.0.5+dfsg1.orig/src/set.c
+++ gnuplot-5.0.5+dfsg1/src/set.c
@@ -5926,6 +5926,7 @@ load_tic_series(AXIS_INDEX axis)
 
     if (!equals(c_token, ",")) {
 	/* only step specified */
+	incr_token = c_token;
 	incr = start;
 	start = -VERYLARGE;
 	end = VERYLARGE;