Fix an unexploitable format string vulnerability. Even though unexploitable,

it's still crappy coding that should be fixed.  CVE-2006-2191.  Thanks go to
Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.

2 files changed, 5 insertions, 1 deletions

diff --git a/NEWS b/NEWS
index 995c2cfd..d22baa65 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
     - Several cross-site scripting issues have been fixed.  Thanks to Moritz
       Naumann for their discovery.  CVE-2006-3636
 
+    - Fixed an unexploitable format string vulnerability.  Discovery and fix
+      by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
+      Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.
+
   Internationalization
 
     - New languages: Arabic, Vietnamese.
diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
                 printf("The Mailman CGI wrapper encountered a fatal error. ");
                 printf("This entry is being stored in your syslog:");
                 printf("\n<pre>\n");
-                printf(log_entry);
+                printf("%s", log_entry);
                 printf("</pre>\n");
         }
         else