diff -u sylpheed-claws-gtk2-2.6.0/debian/patches/00list sylpheed-claws-gtk2-2.6.0/debian/patches/00list
--- sylpheed-claws-gtk2-2.6.0/debian/patches/00list
+++ sylpheed-claws-gtk2-2.6.0/debian/patches/00list
@@ -5,0 +6,2 @@
+13security_2.10.0cvs153.dpatch
+
diff -u sylpheed-claws-gtk2-2.6.0/debian/changelog sylpheed-claws-gtk2-2.6.0/debian/changelog
--- sylpheed-claws-gtk2-2.6.0/debian/changelog
+++ sylpheed-claws-gtk2-2.6.0/debian/changelog
@@ -1,3 +1,14 @@
+sylpheed-claws-gtk2 (2.6.0-1.1ubuntu2) feisty-security; urgency=low
+
+ * SECURITY UPDATE: a format string error could lead to arbitrary
+ code execution.
+ * Add 'debian/patches/13security_2.10.0cvs153.dpatch': add format string to
+ alertpanel_error_log() call. Patch from upstream CVS. (Fixes LP: #136302)
+ * References
+ http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153&view=src/inc.c
+
+ -- Cesare Tirabassi Thu, 06 Sep 2007 18:09:23 +0200
+
 sylpheed-claws-gtk2 (2.6.0-1.1ubuntu1) feisty; urgency=low
 
 * Merge from debian unstable, remaining changes:
only in patch2:
unchanged:
--- sylpheed-claws-gtk2-2.6.0.orig/debian/patches/13security_2.10.0cvs153.dpatch
+++ sylpheed-claws-gtk2-2.6.0/debian/patches/13security_2.10.0cvs153.dpatch
@@ -0,0 +1,21 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+## 13security_2.10.0cvs153.dpatch by Cesare Tirabassi
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: SECURITY UPDATE: a format string error could lead to arbitrary
+## DP: code execution.
+## DP: http://www.colino.net/claws-mail/getpatchset.php3?ver=2.10.0cvs153&view=src/inc.c
+
+@DPATCH@
+diff -urNad sylpheed-claws-gtk2-2.6.0~/src/inc.c sylpheed-claws-gtk2-2.6.0/src/inc.c
+--- sylpheed-claws-gtk2-2.6.0~/src/inc.c 2006-11-06 09:50:25.000000000 +0100
++++ sylpheed-claws-gtk2-2.6.0/src/inc.c 2007-09-06 18:39:50.000000000 +0200
+@@ -1200,7 +1200,7 @@
+ mainwindow_show_error();
+
+ if (err_msg) {
+- alertpanel_error_log(err_msg);
++ alertpanel_error_log("%s", err_msg);
+ g_free(err_msg);
+ }
+ }
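Review bot: The corrected call `alertpanel_error_log("%s", err_msg);` in the nested src/inc.c hunk closes this one call site, but nothing in the patch guards against the same mistake at other callers of the variadic alert helper. If the prototype of alertpanel_error_log() does not already carry a printf format attribute, adding `G_GNUC_PRINTF(1, 2)` to its declaration would let a build with `-Wformat -Wformat-security` flag any remaining call that passes a non-literal string as the format. How err_msg is assembled is not visible here, because the enclosing function starts and ends outside the hunk; presumably it can embed text that originates from a remote server, which is why it must only ever be passed as data. A short comment above the call, such as `/* err_msg may contain '%'; never pass it as the format */`, would keep a later cleanup from reverting the fix.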