The following commit has been merged in the sid branch:
commit dbbd15fe8d972b4f8f3a4d94934a99c507cf0596
Author: Guillem Jover <guil...@debian.org>
Date: Wed Sep 1 08:15:38 2010 +0200
u-a: Fix possible segfault if master_file contains a format specifier
The input does not get sanitized, and as such the user could end up
registering a file containing format string specifiers, which would
make the pr() call most probably segfault trying to access an invalid
pointer.
Reported-by: Sandro Cazzaniga <cazzaniga.san...@gmail.com>
diff --git a/debian/changelog b/debian/changelog
index 35bbbde..b037f3d 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,9 @@ dpkg (1.15.8.5) UNRELEASED; urgency=low
Thanks to The Fungi <fu...@yuggoth.org>. Closes: #593628
* Add gettext plurals infrastructure support.
* Add gettext messages for plural forms. Closes: #594218
+ * Fix possible but improbable segfault in update-alternatives in case
+ the master file name contains a format string specifier. Reported by
+ Sandro Cazzaniga.
[ Raphaƫl Hertzog ]
* Fix dpkg-genchanges to not split the short description in the middle of a
diff --git a/utils/update-alternatives.c b/utils/update-alternatives.c
index 7c609ea..1636225 100644
--- a/utils/update-alternatives.c
+++ b/utils/update-alternatives.c
@@ -1412,7 +1412,7 @@ alternative_display_list(struct alternative *a)
struct fileset *fs;
for (fs = a->choices; fs; fs = fs->next)
- pr(fs->master_file);
+ pr("%s", fs->master_file);
}
static const char *
--
dpkg's main repository
--
To UNSUBSCRIBE, email to debian-dpkg-cvs-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
