diff options
| author | Matthew Barnes <mbarnes@redhat.com> | 2007-03-30 04:35:21 +0800 |
|---|---|---|
| committer | Matthew Barnes <mbarnes@src.gnome.org> | 2007-03-30 04:35:21 +0800 |
| commit | b4d53dc2cd400148adfa4791caa68f9401a34e5e (patch) | |
| tree | ea1d720dcbcdd29bf9f878e48426415417c93683 | |
| parent | fa7f17c5621c521f6a1f3c6c3ea4513c0ba926bb (diff) | |
| download | gsoc2013-evolution-b4d53dc2cd400148adfa4791caa68f9401a34e5e.tar.gz gsoc2013-evolution-b4d53dc2cd400148adfa4791caa68f9401a34e5e.tar.zst gsoc2013-evolution-b4d53dc2cd400148adfa4791caa68f9401a34e5e.zip | |
Use a format string ("%s") when passing uncontrolled data to a
2007-03-29 Matthew Barnes <mbarnes@redhat.com>
* gui/e-cal-component-memo-preview.c (write_html):
Use a format string ("%s") when passing uncontrolled data to a
printf-style function (CVE-2007-1002).
svn path=/branches/gnome-2-18/; revision=33343
| -rw-r--r-- | calendar/ChangeLog | 6 | ||||
| -rw-r--r-- | calendar/gui/e-cal-component-memo-preview.c | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/calendar/ChangeLog b/calendar/ChangeLog index cfdf9bfb10..acf31bff53 100644 --- a/calendar/ChangeLog +++ b/calendar/ChangeLog @@ -1,3 +1,9 @@ +2007-03-29 Matthew Barnes <mbarnes@redhat.com> + + * gui/e-cal-component-memo-preview.c (write_html): + Use a format string ("%s") when passing uncontrolled data to a + printf-style function (CVE-2007-1002). + 2007-03-05 Chenthill Palanisamy <pchenthill@novell.com> * gui/dialogs/event-page.c: (event_page_fill_component): Set the diff --git a/calendar/gui/e-cal-component-memo-preview.c b/calendar/gui/e-cal-component-memo-preview.c index 192ad70ee1..07b2f79964 100644 --- a/calendar/gui/e-cal-component-memo-preview.c +++ b/calendar/gui/e-cal-component-memo-preview.c @@ -185,7 +185,7 @@ write_html (GtkHTMLStream *stream, ECal *ecal, ECalComponent *comp, icaltimezone } } - gtk_html_stream_printf(stream, string->str); + gtk_html_stream_printf(stream, "%s", string->str); g_string_free (string, TRUE); |