Package: gxneur
Version: 0.9.1-1
Severity: normal
Tags: patch
User: [EMAIL PROTECTED]
Usertags: origin-ubuntu jaunty ubuntu-patch

Hi,

Ubuntu uses a compiler that checks for instances of "format not a string
literal and no format arguments" and it showed that your package suffers
from this.

This issue can be a security vulnerability if an attacker can control
the value of the printed string, or can just cause crashes if not,
so it is best to correct it.

The attached patch is what I used to rectify this, please consider
applying it.

Thanks,

James
diff -urNad gxneur-0.9.1~/src/misc.c gxneur-0.9.1/src/misc.c
--- gxneur-0.9.1~/src/misc.c    2008-07-23 20:52:52.000000000 +0100
+++ gxneur-0.9.1/src/misc.c     2008-11-27 11:39:53.000000000 +0000
@@ -79,7 +79,7 @@
                                                                                
        GTK_DIALOG_DESTROY_WITH_PARENT,
                                                                                
        GTK_MESSAGE_ERROR,
                                                                                
        GTK_BUTTONS_CLOSE,
-                                                                               
        buffer);
+                                                                               
        "%s", buffer);
        gtk_dialog_run (GTK_DIALOG (dialog));
        gtk_widget_destroy (dialog);    
        

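Review bot: the `"%s", buffer` arguments on the changed line correct this one dialog call, but the hunk covers only a single site in src/misc.c, so the rest of the package should be checked for other calls that pass a non-literal string in the format position. Building with -Wformat -Wformat-security, which is the GCC check that emits "format not a string literal and no format arguments", would flag any that remain and keep new ones from slipping in. The hunk also does not show how buffer is filled, so it is worth confirming that the code which builds it is bounded by the buffer's size.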