Package: smstools
Version: 1.16-1+b1
Severity: grave
Justification: user security hole
Tags: security
A DSA has just been released for smstools due to an insecure
usage of syslog in the logging code.
The following patch will correct the issue:
--- smstools-1.14.8.orig/src/logging.c
+++ smstools-1.14.8/src/logging.c
@@ -78,7 +78,7 @@
va_end(argp);
if (Filehandle<0)
{
- syslog(severity,text);
+ syslog(severity,"%s",text);
}
else
{
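Review bot: The else branch that opens right after the fixed syslog() call is cut off by the hunk context, so please confirm that the file-logging path there does not also hand text to a printf-family function as the format argument; if it does, it needs the same "%s" treatment as the syslog(severity,"%s",text) line. Separately, the file headers name smstools-1.14.8 while the report is filed against version 1.16-1+b1, so it is worth checking that the hunk still applies at line 78 of src/logging.c in the packaged version.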
Steve
--
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.12.6-xen
Locale: LANG=en_GB, LC_CTYPE=en_GB (charmap=ISO-8859-1)
Versions of packages smstools depends on:
ii libc6 2.3.5-11 GNU C Library: Shared libraries an
ii libmm14 1.4.0-1 Shared memory library - runtime
smstools recommends no packages.
-- no debconf information