$NetBSD: patch-ag,v 1.1 2007/06/22 14:34:16 lkundrak Exp $

Fix for CVE-2007-3316 format-string vulnerability in Vorbis module described
by VideoLAN-SA-0702 advisory.  Backported from 0.8.6c.

--- modules/codec/vorbis.c.orig	2007-06-22 16:27:51.000000000 +0200
+++ modules/codec/vorbis.c
@@ -496,7 +496,7 @@ static void ParseVorbisComments( decoder
             *psz_value = '\0';
             psz_value++;
             input_Control( p_input, INPUT_ADD_INFO, _("Vorbis comment"),
-                           psz_name, psz_value );
+                           psz_name, "%s", psz_value );
         }
         free( psz_comment );
         i++;
