~ubuntu-branches/ubuntu/hardy/asterisk/hardy

Viewing changes to debian/patches/CVE-2008-1333

  • Committer: Bazaar Package Importer
  • Author(s): William Grant
  • Date: 2008-04-05 11:32:12 UTC
  • Revision ID: james.westby@ubuntu.com-20080405113212-p7slzlzms8iityna
Tags: 1:1.4.17~dfsg-2ubuntu1
* SECURITY UPDATE: arbitrary code execution and authentication bypass.
  (LP: #210124)
  - debian/patches/CVE-2008-1289: Check that incoming RTP payloads are
    within buffer limits. Patch from Debian.
  - debian/patches/CVE-2008-1332: Ensure that allowguest has been enabled
    before deciding that authentication isn't required. Patch from Debian.
  - debian/patches/CVE-2008-1333: Interpret logging output as a character
    string, not a format string. Patch from Debian.
  - References:
    + CVE-2008-1289
    + CVE-2008-1332
    + CVE-2008-1333
    + AST-2008-002
    + AST-2008-003
    + AST-2008-004
* Modify Maintainer value to match the DebianMaintainerField
  specification.

diff -urNad asterisk-1.4.17~dfsg~/include/asterisk/astobj.h asterisk-1.4.17~dfsg/include/asterisk/astobj.h
--- asterisk-1.4.17~dfsg~/include/asterisk/astobj.h     2006-02-15 06:14:15.000000000 +1100
+++ asterisk-1.4.17~dfsg/include/asterisk/astobj.h      2008-04-05 11:12:28.000000000 +1100
@@ -813,7 +813,7 @@
  * descriptor.
  */
 #define ASTOBJ_CONTAINER_DUMP(fd,s,slen,container) \
-       ASTOBJ_CONTAINER_TRAVERSE(container, 1, do { ASTOBJ_DUMP(s,slen,iterator); ast_cli(fd, s); } while(0))
+       ASTOBJ_CONTAINER_TRAVERSE(container, 1, do { ASTOBJ_DUMP(s,slen,iterator); ast_cli(fd, "%s", s); } while(0))
 
 #if defined(__cplusplus) || defined(c_plusplus)
 }
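
Review bot: The `+` line in `ASTOBJ_CONTAINER_DUMP` corrects only this one call site, so nothing in the hunk stops the `ast_cli(fd, s)` pattern from reappearing in another caller. It would be worth confirming that the `ast_cli` prototype carries a printf-style format attribute (with GCC, `__attribute__((format(printf, 2, 3)))`) and that the package builds with `-Wformat-security`, so a non-literal format argument is reported at compile time. The changelog describes this patch as covering logging output, while this hunk touches a CLI dump macro in `astobj.h`, so the remaining hunks of the patch file should be checked for the logging call sites. A sentence in the macro's doc comment stating that `s` is written verbatim and never used as a format string would also help later editors keep the `"%s"`.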