The version I've just uploaded fixes an important (security?) bug with a one line patch, please unblock it.
diff -ruN freepops-0.2.7-old/debian/changelog freepops-0.2.7/debian/changelog --- freepops-0.2.7-old/debian/changelog 2009-01-15 21:18:58.000000000 +0100 +++ freepops-0.2.7/debian/changelog 2009-01-15 21:19:07.000000000 +0100 @@ -1,3 +1,11 @@ +freepops (0.2.7-3) unstable; urgency=low + + * Cherry picked patch from uptream cvs to fix a misues of syslog + that can potentially lead to crash or information leak + * Acknowledge NMU by bubulle + + -- Enrico Tassi <[email protected]> Thu, 15 Jan 2009 21:06:50 +0100 + freepops (0.2.7-2.2) unstable; urgency=low * Non-maintainer upload. diff -ruN freepops-0.2.7-old/modules/src/log/log.c freepops-0.2.7/modules/src/log/log.c --- freepops-0.2.7-old/modules/src/log/log.c 2008-06-11 21:22:35.000000000 +0200 +++ freepops-0.2.7/modules/src/log/log.c 2009-01-15 21:19:07.000000000 +0100 @@ -311,7 +311,7 @@ #ifndef WIN32 if (do_syslog) { // syslog adds date and process name - syslog(LOG_DEBUG, logstr); + syslog(LOG_DEBUG, "%s", logstr); } else { #endif -- Enrico Tassi -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
