From 374e50f91ac9675589a9752322f0a42069ebd9c3 Mon Sep 17 00:00:00 2001
From: bwarsaw <>
Date: Mon, 11 Sep 2006 12:13:08 +0000
Subject: Fix an unexploitable format string vulnerability.  Even though
 unexploitable, it's still crappy coding that should be fixed.  CVE-2006-2191.
  Thanks go to Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.

---
 NEWS         | 4 ++++
 src/common.c | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/NEWS b/NEWS
index 995c2cfd..d22baa65 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,10 @@ Here is a history of user visible changes to Mailman.
     - Several cross-site scripting issues have been fixed.  Thanks to Moritz
       Naumann for their discovery.  CVE-2006-3636
 
+    - Fixed an unexploitable format string vulnerability.  Discovery and fix
+      by Karl Chen.  Analysis of non-exploitability by Martin 'Joey' Schulze.
+      Also thanks go to Lionel Elie Mamane.  CVE-2006-2191.
+
   Internationalization
 
     - New languages: Arabic, Vietnamese.
diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
                 printf("The Mailman CGI wrapper encountered a fatal error. ");
                 printf("This entry is being stored in your syslog:");
                 printf("\n<pre>\n");
-                printf(log_entry);
+                printf("%s", log_entry);
                 printf("</pre>\n");
         }
         else
-- 
cgit v1.2.3