Dnia piątek, 6 sierpnia 2004 02:46, Josh Martin napisał: > Package: info > Version: 4.7-2.1 > Severity: grave > Tags: security > Justification: user security hole 'Severe' is to severe a word, but for anybody who's interested, here goes a patch: diff -urN texinfo-4.7/info/echo-area.c texinfo-4.7.patch/info/echo-area.c --- texinfo-4.7/info/echo-area.c 2004-03-14 01:57:29.000000000 +0100 +++ texinfo-4.7.patch/info/echo-area.c 2004-08-07 01:06:49.000000000 +0200 @@ -1510,8 +1510,8 @@ text[i] = 0; echo_area_initialize_node (); - sprintf (&input_line[input_line_end], "%s[%s]\n", - echo_area_is_active ? " ": "", text); + snprintf (&input_line[input_line_end], EA_MAX_INPUT + 1 - input_line_end, + "%s[%s]\n", echo_area_is_active ? " ": "", text); free (text); the_echo_area->point = input_line_point; display_update_one_window (the_echo_area); -- /* Roman Werpachowski */ Ten e-mail został sprawdzony i zaakceptowany przez fretkę Tintin.
