Fix CVE-2008-2149: buffer overflows by limiting the length of the string in sprintf
format string
Closes: #481186 (CVE-2008-2149)
Please note: The WordNet code contains several other occurences of potentially
exploitable functions like strcpy()/strcat()/...  and so even if there are no
known exploits the code needs a full security audit.

--- a/src/wn.c
+++ b/src/wn.c
@@ -206,7 +206,8 @@ static int searchwn(int ac, char *av[])
 		    outsenses += do_search(av[1], optptr->pos, optptr->search,
 					    whichsense, optptr->label);
 	    } else {
-		sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
+		/* Fix CVE-2008-2149: buffer overflows Andreas Tille <tille@debian.org> */
+		sprintf(tmpbuf, "wn: invalid search option: %.200s\n", av[j]);
 		display_message(tmpbuf);
 		errcount++;
 	    }
o-scripts</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Wojtek's customized Guix</td><td class='sub right'></td></tr></table>
<table class='tabs'><tr><td>
<a href='/guix/about/'>about</a><a href='/guix/'>summary</a><a href='/guix/refs/?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>refs</a><a class='active' href='/guix/log/tests/git.scm'>log</a><a href='/guix/tree/tests/git.scm?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>tree</a><a href='/guix/commit/tests/git.scm?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>commit</a><a href='/guix/diff/tests/git.scm?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>diff</a></td><td class='form'><form class='right' method='get' action='/guix/log/tests/git.scm'>
<input type='hidden' name='id' value='a56a3fa761ab3502e638d92c267bfe781eb176e4'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='search' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='path'>path: <a href='/guix/log/?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>root</a>/<a href='/guix/log/tests?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>tests</a>/<a href='/guix/log/tests/git.scm?id=a56a3fa761ab3502e638d92c267bfe781eb176e4'>git.scm</a></div><div class='content'><table class='list nowrap'><tr class='nohover'><th class='left'>Age</th><th class='left'>Commit message (<a href='/guix/log/tests/git.scm?id=a56a3fa761ab3502e638d92c267bfe781eb176e4&amp;showmsg=1'>Expand</a>)</th><th class='left'>Author</th></tr>
<tr><td><span title='2022-02-14 11:23:07 +0100'>2022-02-14</span></td><td><a href='/guix/commit/tests/git.scm?id=87d49346f3072f7b4343b6fb387ee5f9311493b7'>git: Add 'commit-descendant?'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2021-09-18 19:37:45 +0200'>2021-09-18</span></td><td><a href='/guix/commit/tests/git.scm?id=59ee10754eddddb99e4a80b9e18aa12ed1b3d77a'>import: Add 'generic-git' updater.</a><span class='msg-avail'>...</span></td><td>Xinglu Chen</td></tr>
<tr><td><span title='2020-06-09 00:34:52 +0200'>2020-06-09</span></td><td><a href='/guix/commit/tests/git.scm?id=72357e2170e88f73c11ff089f87a744cee8606ec'>git: 'commit-difference' really excludes the ancestors of #:excluded.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2020-05-25 00:00:28 +0200'>2020-05-25</span></td><td><a href='/guix/commit/tests/git.scm?id=c098c11be8eb9e0c12be42640721e3cb21c37628'>git: Add 'commit-relation'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-12-27 13:52:49 +0100'>2019-12-27</span></td><td><a href='/guix/commit/tests/git.scm?id=785af04a7574867dc940c791daa938a2432d0450'>git: 'commit-difference' takes a list of excluded commits.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>
<tr><td><span title='2019-09-23 10:38:43 +0200'>2019-09-23</span></td><td><a href='/guix/commit/tests/git.scm?id=873f6f1334ab06a69e768a8aea0054404237542f'>git: Add 'commit-difference'.</a><span class='msg-avail'>...</span></td><td>Ludovic Courtès</td></tr>