Diffstat (limited to '')
-rw-r--r--NEWS4
-rw-r--r--src/common.c2
2 files changed, 5 insertions, 1 deletions
diff --git a/NEWS b/NEWS
index 995c2cfd..d22baa65 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
- Several cross-site scripting issues have been fixed. Thanks to Moritz
Naumann for their discovery. CVE-2006-3636
+ - Fixed an unexploitable format string vulnerability. Discovery and fix
+ by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
+ Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
+
Internationalization
- New languages: Arabic, Vietnamese.
diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
printf("The Mailman CGI wrapper encountered a fatal error. ");
printf("This entry is being stored in your syslog:");
printf("\n<pre>\n");
- printf(log_entry);
+ printf("%s", log_entry);
printf("</pre>\n");
}
else
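Review bot: The new `printf("%s", log_entry);` line still writes log_entry into the HTML response between the `<pre>` tags without escaping `<`, `>` and `&`. How log_entry is built is outside this hunk, so this needs confirming, but if it can carry request-derived text, any markup in it would be rendered by the browser; escaping on output, as sketched below, closes that. The syslog call that the message presumably refers to is also outside the hunk and should be checked for the same non-literal format pattern. Declaring fatal() with `__attribute__((format(printf, 3, 4)))` would let the compiler flag this class of mistake. fatal()'s body begins and ends outside the hunk.

```c
                printf("\n<pre>\n");
                {
                        /* log_entry is data: never a format string, and
                         * HTML metacharacters are escaped before output. */
                        const char *p;

                        for (p = log_entry; *p != '\0'; p++) {
                                switch (*p) {
                                case '<': fputs("&lt;", stdout); break;
                                case '>': fputs("&gt;", stdout); break;
                                case '&': fputs("&amp;", stdout); break;
                                default:  putchar(*p); break;
                                }
                        }
                }
                /* … unchanged: closing </pre> and the else branch … */
```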