[gtkada] Security patch: Format string vulnerability

Björn Persson Bjorn at xn--rombobjrn-67a.se
Wed Jul 15 20:36:37 CEST 2015


The GCC option -Werror=format-security found a format string
vulnerability in Glib.Messages.Log. The log message is passed to g_log
as if it were a format string.

If some code that uses Glib.Messages.Log can be tricked into logging a
string containing percent characters, then this bug can make it
vulnerable to various attacks, possibly including remote code execution.

This patch adds a correct format string.

Björn Persson
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gtkada-3.8.3-log_format_string.patch
Type: text/x-patch
Size: 740 bytes
Desc: not available
URL: </pipermail/gtkada/attachments/20150715/151b57e5/attachment.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signatur
URL: </pipermail/gtkada/attachments/20150715/151b57e5/attachment.sig>
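
The bug class described in the message above, as an added example that is not part of the original post or of the GtkAda patch: `log_sink` is a hypothetical stand-in for a printf-style logger such as g_log, and every function name and sample message here is constructed. The sample input contains only `%%`, which reads no arguments, so the difference between the two call patterns is visible without undefined behaviour.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style logger such as g_log: it formats
   into a caller-supplied buffer so the result can be inspected. The format
   attribute is what lets GCC check call sites. */
static void log_sink(char *out, size_t cap, const char *format, ...)
    __attribute__((format(printf, 3, 4)));

static void log_sink(char *out, size_t cap, const char *format, ...)
{
    va_list ap;
    va_start(ap, format);
    vsnprintf(out, cap, format, ap);
    va_end(ap);
}

/* Pattern from the report: the log message itself is used as the format.
   The pragma silences -Wformat-security so this "before" form compiles. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wformat-security"
static void log_message_as_format(char *out, size_t cap, const char *message)
{
    log_sink(out, cap, message);
}
#pragma GCC diagnostic pop

/* Corrected pattern: constant format string, message passed as data. */
static void log_message_as_data(char *out, size_t cap, const char *message)
{
    log_sink(out, cap, "%s", message);
}

/* Audit helper (conservative): counts every '%' that is not part of a "%%"
   pair. Each one would make a printf-style logger read an argument that
   was never passed if the string were used as the format. */
static int count_conversion_specs(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        n++;
    }
    return n;
}
```

With the constructed message `disk 100%% full`, the first wrapper logs `disk 100% full` (the message was interpreted), while the second logs it verbatim.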