--- t1lib-5.1.1.orig/debian/patches/cve-2007-4033.diff +++ t1lib-5.1.1/debian/patches/cve-2007-4033.diff @@ -0,0 +1,19 @@ +This patch fixes CVE-2007-4033. + +Index: t1lib-5.1.1/lib/t1lib/t1env.c +=================================================================== +--- t1lib-5.1.1.orig/lib/t1lib/t1env.c 2008-01-05 19:08:50.000000000 +0100 ++++ t1lib-5.1.1/lib/t1lib/t1env.c 2008-01-05 19:09:14.000000000 +0100 +@@ -611,6 +611,12 @@ + #endif + strcat( pathbuf, DIRECTORY_SEP); + /* And finally the filename: */ ++ /* If current pathbuf + StrippedName + 1 byte for NULL is bigger than pathbuf ++ let's try next pathbuf */ ++ if( strlen(pathbuf) + strlen(StrippedName) + 1 > sizeof(pathbuf) ) { ++ i++; ++ continue; ++ } + strcat( pathbuf, StrippedName); + + /* Check for existence of the path: */