Package: smstools
Version: 1.16-1+b1
Severity: grave
Justification: user security hole
Tags: security

A DSA has just been released for smstools due to an insecure usage of syslog in the logging code.

The following patch will correct the issue:

--- smstools-1.14.8.orig/src/logging.c +++ smstools-1.14.8/src/logging.c @@ -78,7 +78,7 @@ va_end(argp); if (Filehandle<0) { - syslog(severity,text); + syslog(severity,"%s",text); } else {

Steve
--

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.6-xen
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)

Versions of packages smstools depends on:
ii  libc6    2.3.5-11  GNU C Library: Shared libraries an
ii  libmm14  1.4.0-1   Shared memory library - runtime

smstools recommends no packages.

-- no debconf information
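
Review bot: the change at the `syslog(severity,"%s",text);` line covers only the `Filehandle<0` branch; the `else` branch is cut off by the hunk context, so check that the file-logging path there also writes `text` as data rather than passing it as a format string. The diff is made against smstools-1.14.8 while the report is filed against 1.16-1+b1, so confirm the hunk applies cleanly to the packaged source. Building the package with -Wformat -Wformat-security would flag any remaining non-literal format arguments in the logging code.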