Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 30 Jan 2012 19:26:34 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: gnusound 0.7.5 file name handling format string issue

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654270#24

Package: gnusound
Version: 0.7.5-3
Severity: serious

which was the last release in 2008.

diff --git a/src/gtk2/gui_dialogs.c b/src/gtk2/gui_dialogs.c
index e85cf88..540e67a 100644
--- a/src/gtk2/gui_dialogs.c
+++ b/src/gtk2/gui_dialogs.c
@@ -56,6 +56,7 @@ gui_yes_no(const char *title,
                                     GTK_DIALOG_MODAL,
                                     GTK_MESSAGE_QUESTION,
                                     GTK_BUTTONS_YES_NO,
+                                    "%s",
                                     message);
     button = gtk_dialog_run(GTK_DIALOG(dialog));
     switch(button) {
@@ -95,6 +96,7 @@ gui_alert(const char *format,
                                     GTK_DIALOG_MODAL,
                                     GTK_MESSAGE_INFO,
                                     GTK_BUTTONS_CLOSE,
+                                    "%s",
                                     wordwrap(message, 60));
     gtk_dialog_run(GTK_DIALOG(dialog));
     gtk_widget_destroy(dialog);


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ