From: Ludovic Rousseau <rousseau@debian.org>
Date: Fri Aug  2 17:36:39 CEST 2019
Subject: use snprintf() instead of sprintf()

Bug-Debian: http://bugs.debian.org/932145
Description: Fix CVE-2019-1010301

--- a/gpsinfo.c
+++ b/gpsinfo.c
@@ -148,7 +148,7 @@
                     Values[a] = ConvertAnyFormat(ValuePtr+a*ComponentSize, Format);
                 }
 
-                sprintf(TempString, FmtString, Values[0], Values[1], Values[2]);
+                snprintf(TempString, sizeof TempString, FmtString, Values[0], Values[1], Values[2]);
 
                 if (Tag == TAG_GPS_LAT){
                     strncpy(ImageInfo.GpsLat+2, TempString, 29);
