Hello community, here is the log from the commit of package dia checked in at Sun May 21 18:59:34 CEST 2006. -------- --- GNOME/dia/dia.changes 2006-03-30 17:27:07.000000000 +0200 +++ dia/dia.changes 2006-05-17 13:28:28.000000000 +0200 @@ -1,0 +2,5 @@ +Wed May 17 13:05:29 CEST 2006 - sbrabec@suse.cz + +- Fixed message format string vulnerability (#173867). + +------------------------------------------------------------------- New: ---- dia-message-format.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ dia.spec ++++++ --- /var/tmp/diff_new_pack.SPBSb5/_old 2006-05-21 18:59:29.000000000 +0200 +++ /var/tmp/diff_new_pack.SPBSb5/_new 2006-05-21 18:59:29.000000000 +0200 @@ -19,7 +19,7 @@ Autoreqprov: on Summary: A Diagram Creation Program Version: 0.94 -Release: 33 +Release: 41 Source: ftp://ftp.gnome.org/pub/GNOME/stable/sources/dia/dia-%{version}.tar.bz2 Source1: font-test-japanese.dia Source2: font-test-czech.dia @@ -33,6 +33,7 @@ Patch8: dia-group-props-size.patch Patch9: dia-can-2005-2966.patch Patch10: dia-xfig.patch +Patch11: dia-message-format.patch URL: http://www.gnome.org/projects/dia/ BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -70,6 +71,7 @@ cd plug-ins/xfig %patch10 cd ../.. +%patch11 gnome-patch-translation-update cp $RPM_SOURCE_DIR/font-test*dia . @@ -114,6 +116,8 @@ %prefix/share/pixmaps/* %changelog -n dia +* Wed May 17 2006 - sbrabec@suse.cz +- Fixed message format string vulnerability (#173867). * Thu Mar 30 2006 - sbrabec@suse.cz - Fixed XFig import buffer overflows (#162074). http://mail.gnome.org/archives/dia-list/2006-March/msg00149.html ++++++ dia-message-format.patch ++++++ --- lib/message.c +++ lib/message.c @@ -86,7 +86,7 @@ 0, /* GtkDialogFlags */ type, GTK_BUTTONS_CLOSE, - buf); + "%s", buf); if (title) { gchar *real_title; ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun...
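Review bot: In the lib/message.c hunk of dia-message-format.patch, the change covers only the one call whose last argument was `buf`; the `if (title)` block in the trailing context declares `real_title`, and the hunk does not show how that string is built or displayed. Please confirm that no other call in this file passes `buf` or `title` where a printf-style format is expected, and consider building with -Wformat -Wformat-security so that any remaining non-literal format argument is flagged at compile time. The patch file also has no header saying what it fixes; a short comment with the bug number (#173867) would keep it traceable from the `Patch11:` line in the spec.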
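Review bot: The changelog entry added in the dia.changes hunk (and repeated in the %changelog hunk of dia.spec) names the bug class and the bug number (#173867) but not where the problem sits. The patch shows it is the text handed to the message dialog in lib/message.c, so saying that in the entry would let someone reading the package changelog judge exposure without opening the patch. The earlier XFig entry carries a reference URL; a similar pointer would help here if one exists.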