diff options
| author | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-02-17 21:34:42 +0000 |
|---|---|---|
| committer | joey <joey@0fa5a96a-9a0e-0410-b3b2-a0fd24251071> | 2007-02-17 21:34:42 +0000 |
| commit | ecf37caff985ebb12603630564984a78deee182e (patch) | |
| tree | 24b69cfe3086cafda802c104d07655333f43465b | |
| parent | 43be4c519e809f223f4440591848031f37355b3e (diff) | |
* Avoid potential syslog format string issue, although only older versions
of perl are vulnerable and it is not known to really be exploitable from
ikiwiki.
| -rw-r--r-- | IkiWiki.pm | 2 | ||||
| -rw-r--r-- | debian/changelog | 5 |
2 files changed, 5 insertions, 2 deletions
diff --git a/IkiWiki.pm b/IkiWiki.pm index 5f0dca385..2392c787b 100644 --- a/IkiWiki.pm +++ b/IkiWiki.pm @@ -174,7 +174,7 @@ sub log_message ($$) { #{{{ $log_open=1; } eval { - Sys::Syslog::syslog($type, join(" ", @_)); + Sys::Syslog::syslog($type, "%s", join(" ", @_)); } } elsif (! $config{cgi}) { diff --git a/debian/changelog b/debian/changelog index 2c7ded1fa..ee88086ff 100644 --- a/debian/changelog +++ b/debian/changelog @@ -26,8 +26,11 @@ ikiwiki (1.43) UNRELEASED; urgency=low * Add a prettydate plugin that formats dates in a more readable fashion. (I had to get a pretty date somehow today..) * Updated Czech translation. + * Avoid potential syslog format string issue, although only older versions + of perl are vulnerable and it is not known to really be exploitable from + ikiwiki. - -- Joey Hess <joeyh@debian.org> Sat, 17 Feb 2007 14:02:32 -0500 + -- Joey Hess <joeyh@debian.org> Sat, 17 Feb 2007 16:32:35 -0500 ikiwiki (1.42) unstable; urgency=low |