r16752 - in /desktop/unstable/yelp/debian: changelog patches/60_format-string.patch patches/series

lool at users.alioth.debian.org
Wed Aug 13 13:06:13 UTC 2008


Author: lool
Date: Wed Aug 13 13:06:12 2008
New Revision: 16752

URL: http://svn.debian.org/wsvn/pkg-gnome/?sc=1&rev=16752
Log:
SECURITY: New patch, 60_format-string, fixes format string vulnerability;
bump urgency to high; GNOME #546364; from SVN r3173; LP: #254860.

Added:
    desktop/unstable/yelp/debian/patches/60_format-string.patch
Modified:
    desktop/unstable/yelp/debian/changelog
    desktop/unstable/yelp/debian/patches/series

Modified: desktop/unstable/yelp/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/yelp/debian/changelog?rev=16752&op=diff
==============================================================================
--- desktop/unstable/yelp/debian/changelog (original)
+++ desktop/unstable/yelp/debian/changelog Wed Aug 13 13:06:12 2008
@@ -1,3 +1,10 @@
+yelp (2.22.1-4) unstable; urgency=high
+
+  * SECURITY: New patch, 60_format-string, fixes format string vulnerability;
+    bump urgency to high; GNOME #546364; from SVN r3173; LP: #254860.
+
+ -- Loic Minier <lool at dooz.org>  Wed, 13 Aug 2008 14:43:03 +0200
+
 yelp (2.22.1-3) unstable; urgency=low
 
   * 03_info_crasher.patch: new patch, fix crasher in the info parser.
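
Review bot: The new 2.22.1-4 entry does not say which code is affected. The patch header names window_error in src/yelp-window.c; adding that to the changelog bullet would let someone reading only the changelog see where the format string was and check whether their build carries the fix.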

Added: desktop/unstable/yelp/debian/patches/60_format-string.patch
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/yelp/debian/patches/60_format-string.patch?rev=16752&op=file
==============================================================================
--- desktop/unstable/yelp/debian/patches/60_format-string.patch (added)
+++ desktop/unstable/yelp/debian/patches/60_format-string.patch Wed Aug 13 13:06:12 2008
@@ -1,0 +1,23 @@
+Fixes format string vulnerability; GNOME #546364; from SVN r3173; LP: #254860.
+
+2008-08-12  Don Scorgie  <dscorgie at svn.gnome.org>
+
+	* src/yelp-window.c (window_error):
+	Fix string vulnerability
+	bug #546364 - patch from Christian Persch
+	reported by Aaron Grattafiori
+
+--- a/src/yelp-window.c	2008-04-07 20:16:39.000000000 +0200
++++ b/src/yelp-window.c	2008-08-13 15:04:52.000000000 +0200
+@@ -1152,9 +1152,9 @@
+ 	 GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT,
+ 	 GTK_MESSAGE_ERROR,
+ 	 GTK_BUTTONS_OK,
+-	 title);
++	 "%s", title);
+     gtk_message_dialog_format_secondary_markup
+-	(GTK_MESSAGE_DIALOG (dialog), message);
++	(GTK_MESSAGE_DIALOG (dialog), "%s", message);
+ 	 gtk_dialog_run (GTK_DIALOG (dialog));
+ 
+     gtk_widget_destroy (dialog);
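
Review bot: In the second changed call, gtk_message_dialog_format_secondary_markup still parses the expanded string as Pango markup, so the added "%s" stops printf-style conversion of message but not interpretation of any '<' or '&' it contains. If message can carry text that yelp does not control, escape it first (g_markup_printf_escaped or g_markup_escape_text), or switch to gtk_message_dialog_format_secondary_text if no markup is intended. It would also help to state in the patch header whether other calls that pass a non-literal format argument were checked, since only window_error is touched here.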

Modified: desktop/unstable/yelp/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-gnome/desktop/unstable/yelp/debian/patches/series?rev=16752&op=diff
==============================================================================
--- desktop/unstable/yelp/debian/patches/series (original)
+++ desktop/unstable/yelp/debian/patches/series Wed Aug 13 13:06:12 2008
@@ -2,4 +2,5 @@
 02_man-utf8.patch
 03_info_crasher.patch
 04_use_doc-base.patch
+60_format-string.patch 
 70_autotools.patch
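
Review bot: The added line "60_format-string.patch " has a trailing space after the file name; drop it so the entry matches the other lines in the series file. The position between 04_use_doc-base.patch and 70_autotools.patch is consistent with the numeric ordering.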



