On Jan 18, 07 09:18:46 +0100, Reinhard Tartler wrote:
> I just got the following bugreport on xine-ui. Could you have a look at
> it and tell me if you think there is a vulnerability? In this case, I'd
> have to update the xine-ui package despite debian's freeze. To be sure,
> I wanted to check with you. Here we go:
This is already fixed in CVS.
> | Format string vulnerability in the errors_create_window function in
> | errors.c in xine-ui allows attackers to execute arbitrary code via
> | unknown vectors.
>
> I take a look at the errors_create_window function in errors.c, the
> vulnerable code seems to be on line 67 :
>
> | xw = xitk_window_dialog_two_buttons_with_width(gGui->imlib_data, title,
> | _("Done"), _("More..."),
> | NULL, _errors_display_log,
> | NULL, 400, ALIGN_CENTER,
> | "%s", message);
This used to be .... NULL, 400, ALIGN_CENTER, message);
("%s", missing), which was indeed vulnerable.
Thanks
Matthias
--
Matthias Hopf <[EMAIL PROTECTED]> __ __ __
Maxfeldstr. 5 / 90409 Nuernberg (_ | | (_ |__ [EMAIL PROTECTED]
Phone +49-911-74053-715 __) |_| __) |__ R & D www.mshopf.de
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
