* Avoid potential syslog format string issue, although only older versions

of perl are vulnerable and it is not known to really be exploitable from ikiwiki.
author: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-17 21:34:42 +0000
committer: joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> 2007-02-17 21:34:42 +0000
commit: ecf37caff985ebb12603630564984a78deee182e (patch)
tree: 24b69cfe3086cafda802c104d07655333f43465b
parent: 43be4c519e809f223f4440591848031f37355b3e (diff)
2 files changed, 5 insertions, 2 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm
index 5f0dca385..2392c787b 100644
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@@ -174,7 +174,7 @@ sub log_message ($$) { #{{{
 			$log_open=1;
 		}
 		eval {
-			Sys::Syslog::syslog($type, join(" ", @_));
+			Sys::Syslog::syslog($type, "%s", join(" ", @_));
 		}
 	}
 	elsif (! $config{cgi}) {
diff --git a/debian/changelog b/debian/changelog
index 2c7ded1fa..ee88086ff 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -26,8 +26,11 @@ ikiwiki (1.43) UNRELEASED; urgency=low
   * Add a prettydate plugin that formats dates in a more readable fashion.
     (I had to get a pretty date somehow today..)
   * Updated Czech translation.
+  * Avoid potential syslog format string issue, although only older versions
+    of perl are vulnerable and it is not known to really be exploitable from
+    ikiwiki.
 
- -- Joey Hess <joeyh@debian.org>  Sat, 17 Feb 2007 14:02:32 -0500
+ -- Joey Hess <joeyh@debian.org>  Sat, 17 Feb 2007 16:32:35 -0500
 
 ikiwiki (1.42) unstable; urgency=low
author	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-02-17 21:34:42 +0000
committer	joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071>	2007-02-17 21:34:42 +0000
commit	ecf37caff985ebb12603630564984a78deee182e (patch)
tree	24b69cfe3086cafda802c104d07655333f43465b
parent	43be4c519e809f223f4440591848031f37355b3e (diff)