* Avoid potential syslog format string issue, although only older versions

of perl are vulnerable and it is not known to really be exploitable from ikiwiki.
2007-02-17 21:34:42 +00:00 · 2007-02-17 21:34:42 +00:00 · ecf37caff9
parent 43be4c519e
commit ecf37caff9
2 changed files with 5 additions and 2 deletions
--- a/IkiWiki.pm
+++ b/IkiWiki.pm
@ -174,7 +174,7 @@ sub log_message ($$) { #{{{
 			$log_open=1;
 		}
 		eval {
-			Sys::Syslog::syslog($type, join(" ", @_));
+			Sys::Syslog::syslog($type, "%s", join(" ", @_));
 		}
 	}
 	elsif (! $config{cgi}) {
--- a/debian/changelog
+++ b/debian/changelog
@ -26,8 +26,11 @@ ikiwiki (1.43) UNRELEASED; urgency=low
  * Add a prettydate plugin that formats dates in a more readable fashion.
    (I had to get a pretty date somehow today..)
  * Updated Czech translation.
+  * Avoid potential syslog format string issue, although only older versions
+    of perl are vulnerable and it is not known to really be exploitable from
+    ikiwiki.

- -- Joey Hess <joeyh@debian.org>  Sat, 17 Feb 2007 14:02:32 -0500
+ -- Joey Hess <joeyh@debian.org>  Sat, 17 Feb 2007 16:32:35 -0500

 ikiwiki (1.42) unstable; urgency=low