Security fix for SA17028:

"A vulnerability in Weex can be exploited by malicious users to cause a DoS (Denial of Service) or to compromise a vulnerable system. The vulnerability is caused due to a format string error in the "log_flush()" function when flushing an error log entry that contains format string specifiers to disk. This may be exploited to execute arbitrary code on a user's system via a directory name containing format string specifiers. Successful exploitation requires that the attacker is able to create directories within the user's Weex home directory." http://secunia.com/advisories/17028/ Patch from FreeBSD PR ports/86833.
author: salo <salo@pkgsrc.org> 2005-10-05 13:38:13 +0000
committer: salo <salo@pkgsrc.org> 2005-10-05 13:38:13 +0000
commit: 35e59726bc366261d5fd65128b426b333fd0b78f (patch)
tree: 6bc69002f879a85ecad4ea5595251765034f0d36 /www/weex/patches
parent: 5c11268df7a1edc65c6fe94d70f29b8e933390d7 (diff)
download: pkgsrc-35e59726bc366261d5fd65128b426b333fd0b78f.tar.gz
1 files changed, 15 insertions, 0 deletions
diff --git a/www/weex/patches/patch-ad b/www/weex/patches/patch-ad
new file mode 100644
index 00000000000..e39e4e52e4f
--- /dev/null
+++ b/www/weex/patches/patch-ad
@@ -0,0 +1,15 @@
+$NetBSD: patch-ad,v 1.1 2005/10/05 13:38:13 salo Exp $
+
+Fix for SA17028, via FreeBSD.
+
+--- src/log.c.orig	2000-05-03 16:42:05.000000000 +0200
++++ src/log.c	2005-10-05 15:31:06.000000000 +0200
+@@ -182,7 +182,7 @@
+ 
+ 	fp=log_open();
+ 	for(i=0;i<max_log;i++){
+-		fprintf(fp,log_str[i]);
++		fprintf(fp,"%s",log_str[i]);
+ 		free(log_str[i]);
+ 	}
+ 	free(log_str);
author	salo <salo@pkgsrc.org>	2005-10-05 13:38:13 +0000
committer	salo <salo@pkgsrc.org>	2005-10-05 13:38:13 +0000
commit	35e59726bc366261d5fd65128b426b333fd0b78f (patch)
tree	6bc69002f879a85ecad4ea5595251765034f0d36 /www/weex/patches
parent	5c11268df7a1edc65c6fe94d70f29b8e933390d7 (diff)
download	pkgsrc-35e59726bc366261d5fd65128b426b333fd0b78f.tar.gz