author bwarsaw <> 2006-09-11 12:13:08 +0000
committer bwarsaw <> 2006-09-11 12:13:08 +0000
commit 374e50f91ac9675589a9752322f0a42069ebd9c3 (patch)
tree 88de4e372fad2990bf7596d68ef4396de1b66f94
parent b214da0b5df97023c56fbb5619b553dff93faf7d (diff)
Fix an unexploitable format string vulnerability. Even though unexploitable,
it's still crappy coding that should be fixed. CVE-2006-2191. Thanks go to Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.
-rw-r--r-- NEWS 4
-rw-r--r-- src/common.c 2
2 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 995c2cfd..d22baa65 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
+ - Fixed an unexploitable format string vulnerability. Discovery and fix
+ by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
+ Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
+
Internationalization
- New languages: Arabic, Vietnamese.
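Review bot: The added NEWS entry does not say where the format string bug was, so an administrator reading it cannot tell which component to rebuild or audit. Naming the CGI wrapper's fatal() path in src/common.c in the first sentence would fix that. The credit also reads "Lionel Elie Mamane" here but "Elie Mamane" in the commit message; the two should use the same form of the name.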
diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
printf("The Mailman CGI wrapper encountered a fatal error. ");
printf("This entry is being stored in your syslog:");
printf("\n<pre>\n");
- printf(log_entry);
+ printf("%s", log_entry);
printf("</pre>\n");
}
else
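Review bot: The one-line change at `printf("%s", log_entry);` is correct, but nothing in this hunk stops the same pattern from coming back. fatal() is declared as `fatal(const char* ident, int exitcode, char* format, ...)` with no printf format attribute visible, so the compiler cannot check its callers. Consider marking it with `__attribute__((format(printf, 3, 4)))`, making `format` a `const char*`, and building with -Wformat-security so a non-literal format argument is flagged at compile time. Separately, log_entry is written verbatim between the `<pre>` tags of an HTML response; whether it is HTML-escaped is not visible in these lines and is worth confirming.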