about summary refs log tree commit diff
path: root/nixpkgs/pkgs/development/libraries/aspell/default.nix
diff options
context:
space:
mode:
Diffstat (limited to 'nixpkgs/pkgs/development/libraries/aspell/default.nix')
-rw-r--r--nixpkgs/pkgs/development/libraries/aspell/default.nix9
1 files changed, 8 insertions, 1 deletions
diff --git a/nixpkgs/pkgs/development/libraries/aspell/default.nix b/nixpkgs/pkgs/development/libraries/aspell/default.nix
index 01acced98f6f..777bad1e5a53 100644
--- a/nixpkgs/pkgs/development/libraries/aspell/default.nix
+++ b/nixpkgs/pkgs/development/libraries/aspell/default.nix
@@ -23,7 +23,14 @@ stdenv.mkDerivation rec {
     sha256 = "1wi60ankalmh8ds7nplz434jd7j94gdvbahdwsr539rlad8pxdzr";
   };
 
-  patches = lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;
+  patches = [
+    (fetchpatch {
+      #  objstack: assert that the alloc size will fit within a chunk
+      name = "CVE-2019-25051.patch";
+      url = "https://github.com/gnuaspell/aspell/commit/0718b375425aad8e54e1150313b862e4c6fd324a.patch";
+      sha256 = "03z259xrk41x3j190gaprf3mqysyfgh3a04rjmch3h625vj95x39";
+    })
+  ] ++ lib.optional searchNixProfiles ./data-dirs-from-nix-profiles.patch;
 
   postPatch = ''
     patch interfaces/cc/aspell.h < ${./clang.patch}
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-12 16:01:42 +0000