tags 292347 pending thanks On Wed, 2005-01-26 at 15:06 +0100, Ulf Härnhammar wrote: > Subject: gpsd: remote security problem with format strings > Package: gpsd > Severity: grave > Justification: user security hole > Tags: security > > Hello, > > a remote security problem with format strings has been reported: > > http://seclists.org/lists/fulldisclosure/2005/Jan/0843.html > > The patch is changing all instances of: > > syslog(BLAH, str); > > to: > > syslog(BLAH, "%s", str); > > // Ulf Harnhammar > > -- System Information: > Debian Release: 3.1 > APT prefers unstable > APT policy: (500, 'unstable'), (500, 'testing') > Architecture: i386 (i686) > Kernel: Linux 2.6.8-2-686 > Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Thanks for the report, a package containing the fix is in preparation. Cheers, Til