Date: Wed, 04 Oct 2000 09:44:40 -0600
From: Warner Losh <imp@village.org>
To: Trevor Johnson <trevor@jpj.net>
Cc: Peter Wemm <peter@FreeBSD.org>, cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/usr.sbin/vipw pw_util.c
Message-ID: <200010041544.JAA36951@harmony.village.org>
In-Reply-To: Your message of "Wed, 04 Oct 2000 02:16:45 EDT." <Pine.BSI.4.21.0010040207580.12229-100000@blues.jpj.net>
References: <Pine.BSI.4.21.0010040207580.12229-100000@blues.jpj.net>

In message <Pine.BSI.4.21.0010040207580.12229-100000@blues.jpj.net> Trevor Johnson writes:
: > peter 2000/10/03 22:42:23 PDT
: >
: > Modified files: (Branch: RELENG_3)
: > usr.sbin/vipw pw_util.c
: > Log:
: > MFC: printf-style format fix. warn(string) -> warn("%s", string)
:
: Any relation to the "format string vulnerability in libutil pw_error(3)
: function" advisory from OpenBSD?

Yes. We fixed this months ago in all but the old branches... OpenBSD
fixed it in about the same time period. There was a bugtraq posting
that included exploit code for this that triggered the back merge.
Peter and I had the same idea, because I made the merge and got
uptodate check failed from CVS when I went to commit it.

Warner
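
An added example, not part of the original message or of the FreeBSD source: the warn(string) -> warn("%s", string) change named in the commit log, shown with a hypothetical capture_warn() stand-in for warn(3) that formats into a buffer so the two results can be compared. The sample message is constructed and contains only "%%", the one conversion that consumes no argument, so the "before" call stays well defined.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for warn(3): same printf-style contract, but it
 * writes into a caller-supplied buffer instead of stderr. */
static int capture_warn(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return n;
}

/* "Before" pattern, warn(string): the message is the format string, so
 * every '%' in it is parsed as a conversion specification. */
static int report_unsafe(char *out, size_t outlen, const char *msg)
{
    return capture_warn(out, outlen, msg);
}

/* "After" pattern, warn("%s", string): the format is a constant and the
 * message is passed as data, so its bytes are copied unchanged. */
static int report_safe(char *out, size_t outlen, const char *msg)
{
    return capture_warn(out, outlen, "%s", msg);
}

int main(void)
{
    /* Constructed sample message; the C literal "%%" is two '%' bytes. */
    const char *msg = "tmpfile: disk 100%% full";
    char before[64], after[64];

    report_unsafe(before, sizeof before, msg);
    report_safe(after, sizeof after, msg);

    /* The two outputs differ: the first call rewrote the message. */
    printf("warn(string):       %s\n", before);
    printf("warn(\"%%s\", string): %s\n", after);
    return 0;
}
```

Any difference between the two outputs means the message was interpreted as a format rather than printed as data. With conversions that do consume arguments, the "before" form reads arguments that were never passed, which is undefined behaviour.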