SOURCES: oops-CVE-2005-1121.patch (NEW) - CVE-2005-1121

[radek]

Author: radek                        Date: Tue Jun  6 13:44:08 2006 GMT
Module: SOURCES                       Tag: HEAD
---- Log message:
- CVE-2005-1121

---- Files affected:
SOURCES:
   oops-CVE-2005-1121.patch (NONE -> 1.1)  (NEW)

---- Diffs:

================================================================
Index: SOURCES/oops-CVE-2005-1121.patch
diff -u /dev/null SOURCES/oops-CVE-2005-1121.patch:1.1
--- /dev/null	Tue Jun  6 15:44:08 2006
+++ SOURCES/oops-CVE-2005-1121.patch	Tue Jun  6 15:44:03 2006
@@ -0,0 +1,31 @@
+http://rst.void.ru/papers/advisory24.txt
+
+--- oops-1.5.23/src/modules/passwd_sql.c.orig	2002-03-09 18:46:02.000000000 +0100
++++ oops-1.5.23/src/modules/passwd_sql.c	2006-05-14 23:20:25.787160500 +0200
+@@ -419,7 +419,7 @@
+         sprintf(logbuf,"make_sqlselect(): Connection to database '%s' failed (error=%s)\n",
+                sql.database,PQerrorMessage(conn)
+ 	);
+-	my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, logbuf);
++	my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf);
+ 	goto exit;
+     }
+ 
+@@ -482,7 +482,7 @@
+ 	sprintf(logbuf,"make_sqlselect(): Connection to database '%s' failed (error=%s)\n",
+     	               sql.database,mysql_error(mysql)
+ 	       );
+-        my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, logbuf);
++        my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf);
+         goto exit; 	
+     }
+ 
+@@ -570,7 +570,7 @@
+ 		 rq->url.host,
+ 		 rq->method
+ 	    );
+-    my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM,logbuf);
++    my_xlog(OOPS_LOG_NOTICE|OOPS_LOG_DBG|OOPS_LOG_INFORM, "%s", logbuf);
+ 
+     if ( rq->av_pairs)
+ 	authorization = attr_value(rq->av_pairs, "Proxy-Authorization");
================================================================