Diffstat (limited to 'games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch')
-rw-r--r-- | games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch b/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch
new file mode 100644
index 000000000000..78ae160197ba
--- /dev/null
+++ b/games-action/bomberclone/files/bomberclone-0.11.6.2-fix-kaboom.patch
@@ -0,0 +1,39 @@
+# Fix remote buffer overflow vulnerability if an excessive remote error is sent
+# and processed due to the text buffer overflowing.
+
+# Discovery: Stefan Cornelius <dercorny@gentoo.org> of Gentoo Security
+# Patch: Tim Yamin <plasmaroo@gentoo.org> of Gentoo Auditing
+
+http://bugs.gentoo.org/121605
+
+--- bomberclone-0.11.6.2/src/menu.c
++++ bomberclone-0.11.6.2/src/menu.c
+@@ -629,7 +629,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 512, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+@@ -722,7 +724,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 512, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lines, &linenr, &maxlinelen, MENU_MESSAGES_MAXLINELEN,
+--- bomberclone-0.11.6.2/src/menulabels.c
++++ bomberclone-0.11.6.2/src/menulabels.c
+@@ -72,7 +72,7 @@
+ memset (text, 0, sizeof (text));
+ memset (out, 0, sizeof (out));
+ va_start (args, fmt);
+- vsprintf (text, fmt, args);
++ vsnprintf (text, 1024, fmt, args);
+ va_end (args);
+
+ menu_formattext (text, out, lineptr, &linecnt, &maxchar, maxlen, maxlines); |
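Review bot: The bounds passed to vsnprintf are the literals `512` (both src/menu.c hunks) and `1024` (src/menulabels.c), and the declarations of `text` lie outside the hunks, so the limits cannot be checked against the real buffer sizes from here. The `memset (text, 0, sizeof (text));` context line suggests `text` is an array in scope; if so, `vsnprintf (text, sizeof (text), fmt, args);` would keep the bound tied to the declaration should upstream ever resize the buffer. Truncation is silent because the return value is ignored, which is probably acceptable for a message box but deserves a short comment saying so. Whether `out` and menu_formattext bound their own writes is not visible in these hunks and should be confirmed, since the truncated `text` is passed straight on to them. The second menu.c hunk header `@@ -722,7 +724,7 @@` also carries a two-line offset that does not follow from the first hunk, so it is worth checking that the patch applies without fuzz.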