[pkg-otr-team] [irssi-plugin-otr] 01/01: Imported Debian patch 3.2.0-5+squeeze1

[Holger Levsen]

This is an automated email from the git hooks/post-receive script.

holger pushed a commit to annotated tag debian/3.2.0-5+squeeze1
in repository irssi-plugin-otr.

commit fca9d1fa3f9786959ba9ea4d39203491dfcb80bb
Author: Jonathan Wiltshire <jmw at debian.org>
Date:   Sat May 19 17:46:00 2012 +0100

    Imported Debian patch 3.2.0-5+squeeze1
---
 debian/changelog | 8 ++++++++
 otr-plugin.c     | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index fbcce3b..e1e9e07 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+pidgin-otr (3.2.0-5+squeeze1) stable-security; urgency=high
+
+  * Non-maintainer upload by the Security Team.
+  * CVE-2012-2369: Fix format vulnerability in log messages
+    (Closes: #673154)
+
+ -- Jonathan Wiltshire <jmw at debian.org>  Sat, 19 May 2012 17:46:00 +0100
+
 pidgin-otr (3.2.0-5) unstable; urgency=low
 
   * Fix key generation to use /dev/urandom with more recent libgcrypt
diff --git a/otr-plugin.c b/otr-plugin.c
index 05281b7..c60466a 100644
--- a/otr-plugin.c
+++ b/otr-plugin.c
@@ -296,7 +296,7 @@ static void still_secure_cb(void *opdata, ConnContext *context, int is_reply)
 
 static void log_message_cb(void *opdata, const char *message)
 {
-    purple_debug_info("otr", message);
+    purple_debug_info("otr", "%s", message);
 }
 
 static int max_message_size_cb(void *opdata, ConnContext *context)

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-otr/packages/irssi-plugin-otr.git