File CVE-2018-16554.patch of Package jhead

From: Ludovic Rousseau <rousseau@debian.org>
Date: Sat Sep  8 16:19:07 CEST 2018
Subject: fix heap buffer overflow

Bug-Debian: https://bugs.debian.org/908176
Description: Fix CVE-2018-16554

--- a/gpsinfo.c
+++ b/gpsinfo.c
@@ -162,7 +162,8 @@
                 break;
 
             case TAG_GPS_ALT:
-                sprintf(ImageInfo.GpsAlt + 1, "%.2fm", 
+                snprintf(ImageInfo.GpsAlt + 1, sizeof(ImageInfo.GpsAlt) -1,
+                    "%.2fm",
                     ConvertAnyFormat(ValuePtr, Format));
                 break;
         }
openSUSE Build Service is sponsored by