-rw-r--r-- | NEWS | 4 | ||||
-rw-r--r-- | src/common.c | 2 |
2 files changed, 5 insertions, 1 deletions
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
 - Several cross-site scripting issues have been fixed. Thanks to Moritz Naumann for their discovery. CVE-2006-3636
+ - Fixed an unexploitable format string vulnerability. Discovery and fix
+ by Karl Chen. Analysis of non-exploitability by Martin 'Joey' Schulze.
+ Also thanks go to Lionel Elie Mamane. CVE-2006-2191.
+ Internationalization - New languages: Arabic, Vietnamese.
diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
 printf("The Mailman CGI wrapper encountered a fatal error. ");
 printf("This entry is being stored in your syslog:");
 printf("\n<pre>\n");
- printf(log_entry);
+ printf("%s", log_entry);
 printf("</pre>\n");
 }
 else |
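Review bot: The syslog entry is still written unescaped into the HTML response between `<pre>` and `</pre>`, so any `<` or `&` that reaches `log_entry` is parsed as markup by the browser; the `%s` change closes only the format-string path. How `log_entry` is built is outside this hunk, but if it can carry request-derived text it should be entity-escaped on output, as sketched below. Separately, declaring `fatal()` with `const char *format` and, under GCC/Clang, `__attribute__((format(printf, 3, 4)))` would let the compiler check the format arguments at every call site. The body of `fatal()` starts and ends outside the hunk.

```c
/* ... unchanged: error banner and opening <pre> ... */
const char *p;  /* declare with the function's other locals */

for (p = log_entry; *p != '\0'; p++) {
        switch (*p) {
        case '&': fputs("&amp;", stdout); break;
        case '<': fputs("&lt;", stdout); break;
        case '>': fputs("&gt;", stdout); break;
        default:  putchar(*p); break;
        }
}
printf("</pre>\n");
```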