Author: radek Date: Tue Jun 6 13:44:08 2006 GMT Module: SOURCES Tag: HEAD ---- Log message: - CVE-2005-1121
---- Files affected: SOURCES: oops-CVE-2005-1121.patch (NONE -> 1.1) (NEW) ---- Diffs: ================================================================ Index: SOURCES/oops-CVE-2005-1121.patch diff -u /dev/null SOURCES/oops-CVE-2005-1121.patch:1.1 --- /dev/null Tue Jun 6 15:44:08 2006 +++ SOURCES/oops-CVE-2005-1121.patch Tue Jun 6 15:44:03 2006 @@ -0,0 +1,31 @@ +http://rst.void.ru/papers/advisory24.txt + +--- oops-1.5.23/src/modules/passwd_sql.c.orig 2002-03-09 18:46:02.000000000 +0100 ++++ oops-1.5.23/src/modules/passwd_sql.c 2006-05-14 23:20:25.787160500 +0200 +@@ -419,7 +419,7 @@ + sprintf(logbuf,"make_sqlselect(): Connection to database '%s' failed (error=%s)\n", + sql.database,PQerrorMessage(conn) + ); +- my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, logbuf); ++ my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf); + goto exit; + } + +@@ -482,7 +482,7 @@ + sprintf(logbuf,"make_sqlselect(): Connection to database '%s' failed (error=%s)\n", + sql.database,mysql_error(mysql) + ); +- my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, logbuf); ++ my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf); + goto exit; + } + +@@ -570,7 +570,7 @@ + rq->url.host, + rq->method + ); +- my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM,logbuf); ++ my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf); + + if ( rq->av_pairs) + authorization = attr_value(rq->av_pairs, "Proxy-Authorization"); ================================================================ _______________________________________________ pld-cvs-commit mailing list [email protected] http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
