diff options
| author | bwarsaw <> | 2006-09-11 12:13:08 +0000 |
|---|---|---|
| committer | bwarsaw <> | 2006-09-11 12:13:08 +0000 |
| commit | 374e50f91ac9675589a9752322f0a42069ebd9c3 (patch) | |
| tree | 88de4e372fad2990bf7596d68ef4396de1b66f94 /src | |
| parent | b214da0b5df97023c56fbb5619b553dff93faf7d (diff) | |
| download | mailman2-374e50f91ac9675589a9752322f0a42069ebd9c3.tar.gz mailman2-374e50f91ac9675589a9752322f0a42069ebd9c3.tar.xz mailman2-374e50f91ac9675589a9752322f0a42069ebd9c3.zip | |
Fix an unexploitable format string vulnerability. Even though unexploitable,
it's still crappy coding that should be fixed. CVE-2006-2191. Thanks go to
Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.
Diffstat (limited to 'src')
| -rw-r--r-- | src/common.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/common.c b/src/common.c index e46a2b09..62ed7657 100644 --- a/src/common.c +++ b/src/common.c @@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...) printf("The Mailman CGI wrapper encountered a fatal error. "); printf("This entry is being stored in your syslog:"); printf("\n<pre>\n"); - printf(log_entry); + printf("%s", log_entry); printf("</pre>\n"); } else |