Please unblock freepops 0.2.7-3
The version I've just uploaded fixes an important (security?) bug with a
one line patch, please unblock it.
diff -ruN freepops-0.2.7-old/debian/changelog freepops-0.2.7/debian/changelog
--- freepops-0.2.7-old/debian/changelog 2009-01-15 21:18:58.000000000 +0100
+++ freepops-0.2.7/debian/changelog 2009-01-15 21:19:07.000000000 +0100
@@ -1,3 +1,11 @@
+freepops (0.2.7-3) unstable; urgency=low
+
+ * Cherry picked patch from uptream cvs to fix a misues of syslog
+ that can potentially lead to crash or information leak
+ * Acknowledge NMU by bubulle
+
+ -- Enrico Tassi <gareuselesinge@debian.org> Thu, 15 Jan 2009 21:06:50 +0100
+
freepops (0.2.7-2.2) unstable; urgency=low
* Non-maintainer upload.
diff -ruN freepops-0.2.7-old/modules/src/log/log.c freepops-0.2.7/modules/src/log/log.c
--- freepops-0.2.7-old/modules/src/log/log.c 2008-06-11 21:22:35.000000000 +0200
+++ freepops-0.2.7/modules/src/log/log.c 2009-01-15 21:19:07.000000000 +0100
@@ -311,7 +311,7 @@
#ifndef WIN32
if (do_syslog) {
// syslog adds date and process name
- syslog(LOG_DEBUG, logstr);
+ syslog(LOG_DEBUG, "%s", logstr);
} else {
#endif
--
Enrico Tassi
Reply to: