From ecf37caff985ebb12603630564984a78deee182e Mon Sep 17 00:00:00 2001
From: joey
Date: Sat, 17 Feb 2007 21:34:42 +0000
Subject: [PATCH] * Avoid potential syslog format string issue, although only older versions of perl are vulnerable and it is not known to really be exploitable from ikiwiki.

---
 IkiWiki.pm | 2 +-
 debian/changelog | 5 ++++-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/IkiWiki.pm b/IkiWiki.pm
index 5f0dca385..2392c787b 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -174,7 +174,7 @@ sub log_message ($$) { #{{{
 $log_open=1;
 }
 eval {
- Sys::Syslog::syslog($type, join(" ", @_));
+ Sys::Syslog::syslog($type, "%s", join(" ", @_));
 }
 }
 elsif (! $config{cgi}) {
diff --git a/debian/changelog b/debian/changelog
index 2c7ded1fa..ee88086ff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,8 +26,11 @@ ikiwiki (1.43) UNRELEASED; urgency=low
 * Add a prettydate plugin that formats dates in a more readable fashion.
 (I had to get a pretty date somehow today..)
 * Updated Czech translation.
+ * Avoid potential syslog format string issue, although only older versions
+ of perl are vulnerable and it is not known to really be exploitable from
+ ikiwiki.
 
- -- Joey Hess Sat, 17 Feb 2007 14:02:32 -0500
+ -- Joey Hess Sat, 17 Feb 2007 16:32:35 -0500
 
 ikiwiki (1.42) unstable; urgency=low
 
-- 
2.26.2
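Review bot: In the IkiWiki.pm hunk, the literal `"%s"` added to the `Sys::Syslog::syslog` call carries the whole fix but has no comment, so a later cleanup could drop it as redundant and bring the format-string handling back. I would add `# "%s" is required: the joined message may contain % sequences and must never be passed as the format itself` directly above the call. Separately, the surrounding `eval { ... }` never inspects `$@`, so a failing syslog call appears to lose the message silently; if that is deliberate best-effort it deserves a short comment too, otherwise something like `warn $@ if $@;` after the block would surface it. `log_message` begins and ends outside this hunk, so its other branches are not covered by this note.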