This is a formatting string vulnerability. It is almost certainly exploitable. I have attached the trivial patch.

** Attachment added: "FormatStringVuln.diff"
   http://launchpadlibrarian.net/24493303/FormatStringVuln.diff

--
kdesudo crashed with SIGSEGV in strlen()
https://bugs.launchpad.net/bugs/281877