Vulnerability patch submitted by "Sitic Vulnerability Advisory <sitic@pts.se>"

svn path=/trunk/; revision=30002

2 files changed, 9 insertions, 3 deletions

diff --git a/addressbook/ChangeLog b/addressbook/ChangeLog
index deae14c922..f215393e2a 100644
--- a/addressbook/ChangeLog
+++ b/addressbook/ChangeLog
@@ -1,5 +1,11 @@
 2005-03-05  Sushma Rai  <rsushma@novell.com>
 
+	* gui/widgets/eab-contact-display.c (render_contact): Using 
+	gtk_html_stream_printf() with format specifier. Vulnerability patch
+	submitted by "Sitic Vulnerability Advisory <sitic@pts.se>"
+
+2005-03-05  Sushma Rai  <rsushma@novell.com>
+
 	* importers/evolution-ldif-importer.c (ldif_import): Initialize gci->size to
 	the file size, which is used for indicationg the import progress. Fixes the
 	crash due to devide by zero, while importing more than fifty contacts.
diff --git a/addressbook/gui/widgets/eab-contact-display.c b/addressbook/gui/widgets/eab-contact-display.c
index 95e0893b1b..8613d92e3e 100644
--- a/addressbook/gui/widgets/eab-contact-display.c
+++ b/addressbook/gui/widgets/eab-contact-display.c
@@ -353,7 +353,7 @@ render_contact (GtkHTMLStream *html_stream, EContact *contact)
 	accum_multival_attribute (accum, contact, _("Yahoo"), E_CONTACT_IM_YAHOO, YAHOO_ICON, 0);
 
 	if (accum->len > 0)
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 
 	end_block (html_stream);
 
@@ -368,7 +368,7 @@ render_contact (GtkHTMLStream *html_stream, EContact *contact)
 
 	if (accum->len > 0) {
 		start_block (html_stream, _("work"));
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 		end_block (html_stream);
 	}
 
@@ -383,7 +383,7 @@ render_contact (GtkHTMLStream *html_stream, EContact *contact)
 
 	if (accum->len > 0) {
 		start_block (html_stream, _("personal"));
-		gtk_html_stream_printf (html_stream, accum->str);
+		gtk_html_stream_printf (html_stream, "%s", accum->str);
 		end_block (html_stream);
 	}