From 374e50f91ac9675589a9752322f0a42069ebd9c3 Mon Sep 17 00:00:00 2001
From: bwarsaw <>
Date: Mon, 11 Sep 2006 12:13:08 +0000
Subject: Fix an unexploitable format string vulnerability.  Even though
 unexploitable, it's still crappy coding that should be fixed.  CVE-2006-2191.
  Thanks go to Karl Chen, Martin 'Joey' Schulze, and Elie Mamane.

---
 src/common.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'src/common.c')

diff --git a/src/common.c b/src/common.c
index e46a2b09..62ed7657 100644
--- a/src/common.c
+++ b/src/common.c
@@ -103,7 +103,7 @@ fatal(const char* ident, int exitcode, char* format, ...)
                 printf("The Mailman CGI wrapper encountered a fatal error. ");
                 printf("This entry is being stored in your syslog:");
                 printf("\n<pre>\n");
-                printf(log_entry);
+                printf("%s", log_entry);
                 printf("</pre>\n");
         }
         else
-- 
cgit v1.2.3