From http://ftp.gnu.org/pub/gnu/readline/readline-6.3-patches/readline63-003 Signed-off-by: Gustavo Zacarias READLINE PATCH REPORT ===================== Readline-Release: 6.3 Patch-ID: readline63-003 Bug-Reported-by: Bug-Reference-ID: Bug-Reference-URL: Bug-Description: There are debugging functions in the readline release that are theoretically exploitable as security problems. They are not public functions, but have global linkage. Patch (apply with `patch -p0'): *** a/readline-6.3/util.c 2013-09-02 13:36:12.000000000 -0400 --- b/util.c 2014-03-20 10:25:53.000000000 -0400 *************** *** 477,480 **** --- 479,483 ---- } + #if defined (DEBUG) #if defined (USE_VARARGS) static FILE *_rl_tracefp; *************** *** 539,542 **** --- 542,546 ---- } #endif + #endif /* DEBUG */ *** a/readline-6.3/patchlevel 2013-11-15 08:11:11.000000000 -0500 --- b/patchlevel 2014-03-21 08:28:40.000000000 -0400 *************** *** 1,3 **** # Do not edit -- exists only for use by patch ! 2 --- 1,3 ---- # Do not edit -- exists only for use by patch ! 3