List: oss-security
Subject: Re: [oss-security] gnusound 0.7.5 file name handling format string issue
From: Kurt Seifried <kseifried () redhat ! com>
Date: 2012-01-31 2:29:18
Message-ID: 4F2751FE.5010502 () redhat ! com
On 01/30/2012 07:26 PM, Kurt Seifried wrote:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654270#24
>
> Package: gnusound
> Version: 0.7.5-3
> Severity: serious
>
> which was the last release in 2008.
>
> diff --git a/src/gtk2/gui_dialogs.c b/src/gtk2/gui_dialogs.c
> index e85cf88..540e67a 100644
> --- a/src/gtk2/gui_dialogs.c
> +++ b/src/gtk2/gui_dialogs.c
> @@ -56,6 +56,7 @@ gui_yes_no(const char *title,
> GTK_DIALOG_MODAL,
> GTK_MESSAGE_QUESTION,
> GTK_BUTTONS_YES_NO,
> + "%s",
> message);
> button = gtk_dialog_run(GTK_DIALOG(dialog));
> switch(button) {
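Review bot: The added "%s" line in gui_yes_no carries no comment explaining that message can contain caller-supplied text such as a file name, so a later cleanup could fold message back into the format position as a redundant-looking argument. Suggest a one-line comment next to the "%s" stating that message must never be passed as the format string.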
> @@ -95,6 +96,7 @@ gui_alert(const char *format,
> GTK_DIALOG_MODAL,
> GTK_MESSAGE_INFO,
> GTK_BUTTONS_CLOSE,
> + "%s",
> wordwrap(message, 60));
> gtk_dialog_run(GTK_DIALOG(dialog));
> gtk_widget_destroy(dialog);
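Review bot: gui_alert still declares its first parameter as `const char *format`, so the "%s" added before wordwrap(message, 60) only protects the dialog call itself. If message is built from format by a printf-family call earlier in the function (not visible in this hunk), a caller that passes a file name as format remains exposed. Suggest annotating the declaration with a printf format attribute such as G_GNUC_PRINTF so the compiler flags non-literal formats, and auditing the callers of gui_alert in the same change.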
>
>
Please use CVE-2012-0824 for this issue.
--
Kurt Seifried Red Hat Security Response Team (SRT)