Package: gxneur
Version: 0.9.1-1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu jaunty ubuntu-patch

Hi,

Ubuntu uses a compiler that checks for instances of "format not a string literal and no format arguments" and it showed that your package suffers from this. This issue can be a security vulnerability if an attacker can control the value of the printed string, or can just cause crashes if not, so it is best to correct it.

The attached patch is what I used to rectify this; please consider applying it.

Thanks,

James

diff -urNad gxneur-0.9.1~/src/misc.c gxneur-0.9.1/src/misc.c --- gxneur-0.9.1~/src/misc.c 2008-07-23 20:52:52.000000000 +0100 +++ gxneur-0.9.1/src/misc.c 2008-11-27 11:39:53.000000000 +0000 @@ -79,7 +79,7 @@ GTK_DIALOG_DESTROY_WITH_PARENT, GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, - buffer); + "%s", buffer); gtk_dialog_run (GTK_DIALOG (dialog)); gtk_widget_destroy (dialog);
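
Review bot: The `"%s", buffer` change at src/misc.c line 82 covers only this one error dialog, so other calls in the package that pass a non-literal string as the format argument would remain as they are; rebuilding the whole tree with -Wformat -Wformat-security (or -Werror=format-security) would confirm that this was the only site the compiler flags. The hunk also does not show how `buffer` is filled before this call; if it is assembled from message text with an unbounded sprintf-style call, that step deserves the same look, because passing `buffer` through "%s" here stops it being interpreted as a format but does nothing about its length. With the patch applied, any literal `%` in `buffer` is displayed as-is, so callers that previously doubled it to `%%` for this dialog would need adjusting.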