oss-sec mailing list archives

gnusound 0.7.5 file name handling format string issue

From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 30 Jan 2012 19:26:34 -0700

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=654270#24

Package: gnusound
Version: 0.7.5-3
Severity: serious

which was the last release in 2008.

diff --git a/src/gtk2/gui_dialogs.c b/src/gtk2/gui_dialogs.c
index e85cf88..540e67a 100644
--- a/src/gtk2/gui_dialogs.c
+++ b/src/gtk2/gui_dialogs.c
@@ -56,6 +56,7 @@ gui_yes_no(const char *title,
                                     GTK_DIALOG_MODAL,
                                     GTK_MESSAGE_QUESTION,
                                     GTK_BUTTONS_YES_NO,
+                                    "%s",
                                     message);
     button = gtk_dialog_run(GTK_DIALOG(dialog));
     switch(button) {
@@ -95,6 +96,7 @@ gui_alert(const char *format,
                                     GTK_DIALOG_MODAL,
                                     GTK_MESSAGE_INFO,
                                     GTK_BUTTONS_CLOSE,
+                                    "%s",
                                     wordwrap(message, 60));
     gtk_dialog_run(GTK_DIALOG(dialog));
     gtk_widget_destroy(dialog);


-- 
Kurt Seifried Red Hat Security Response Team (SRT)

Current thread:

gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 30)
- Re: gnusound 0.7.5 file name handling format string issue Kurt Seifried (Jan 30)