Subject: gpsd: remote security problem with format strings Package: gpsd Severity: grave Justification: user security hole Tags: security
Hello, a remote security problem with format strings has been reported: http://seclists.org/lists/fulldisclosure/2005/Jan/0843.html The patch is changing all instances of: syslog(BLAH, str); to: syslog(BLAH, "%s", str); // Ulf Harnhammar -- System Information: Debian Release: 3.1 APT prefers unstable APT policy: (500, 'unstable'), (500, 'testing') Architecture: i386 (i686) Kernel: Linux 2.6.8-2-686 Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
