Diffstat (limited to 'dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch')
-rw-r--r--dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch b/dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch
new file mode 100644
index 000000000000..b3e17e65cea8
--- /dev/null
+++ b/dev-ruby/ruby-gtk2/files/ruby-gtk2-0.16.0-format-string.patch
@@ -0,0 +1,15 @@
+This patch fixes a format string vulnerability that got reported in bug #200623.
+It is already fixed in upstream SVN in an identical manner.
+
+--- gtk/src/rbgtkmessagedialog.c
++++ gtk/src/rbgtkmessagedialog.c
+@@ -28,7 +28,8 @@
+ RVAL2GFLAGS(flags, GTK_TYPE_DIALOG_FLAGS),
+ RVAL2GENUM(type, GTK_TYPE_MESSAGE_TYPE),
+ RVAL2GENUM(buttons, GTK_TYPE_BUTTONS_TYPE),
+- (const gchar*)(NIL_P(message) ? "": RVAL2CSTR(message)));
++ "%s",
++ NIL_P(message) ? "": RVAL2CSTR(message));
+ RBGTK_INITIALIZE(self, w);
+ return Qnil;
+ }
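Review bot: The two-line header of the added patch cites "bug #200623" without naming the tracker and "upstream SVN" without a revision, so a later maintainer cannot easily tell which upstream release makes this file droppable. I would reword it along the lines of `Fixes a format string vulnerability (<TRACKER> bug #200623); fixed identically upstream in SVN r<REVISION>.`, with the placeholders filled in from the bug report. The code change itself looks right: the Ruby-supplied string moves from the format position to a plain argument behind a literal `"%s"`, so conversion specifiers in `message` are no longer interpreted. The enclosing function starts outside the inner hunk, so the callee is not visible here. It is probably worth checking the rest of the binding for other printf-style calls that still receive an `RVAL2CSTR(...)` value as their format argument.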