[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Please unblock freepops 0.2.7-3

The version I've just uploaded fixes an important (security?) bug with a
one line patch, please unblock it.

diff -ruN freepops-0.2.7-old/debian/changelog freepops-0.2.7/debian/changelog
--- freepops-0.2.7-old/debian/changelog	2009-01-15 21:18:58.000000000 +0100
+++ freepops-0.2.7/debian/changelog	2009-01-15 21:19:07.000000000 +0100
@@ -1,3 +1,11 @@
+freepops (0.2.7-3) unstable; urgency=low
+
+  * Cherry picked patch from uptream cvs to fix a misues of syslog 
+    that can potentially lead to crash or information leak 
+  * Acknowledge NMU by bubulle
+
+ -- Enrico Tassi <gareuselesinge@debian.org>  Thu, 15 Jan 2009 21:06:50 +0100
+
 freepops (0.2.7-2.2) unstable; urgency=low
 
   * Non-maintainer upload.
diff -ruN freepops-0.2.7-old/modules/src/log/log.c freepops-0.2.7/modules/src/log/log.c
--- freepops-0.2.7-old/modules/src/log/log.c	2008-06-11 21:22:35.000000000 +0200
+++ freepops-0.2.7/modules/src/log/log.c	2009-01-15 21:19:07.000000000 +0100
@@ -311,7 +311,7 @@
 #ifndef WIN32
 	if (do_syslog) {
 		// syslog adds date and process name
-		syslog(LOG_DEBUG, logstr);
+		syslog(LOG_DEBUG, "%s", logstr);
 	} else {
 #endif
 		
-- 
Enrico Tassi
Reply to: