This patch has been committed.
../xemacs-no-rsync/xemacs-21.5/lib-src/ChangeLog addition:
2005-01-29 Vin Shelton <acs(a)xemacs.org>
* movemail.c (popmail): Pass error string as an argument to a "%s"
format instead of as the format string itself. Security fixes for
CAN-2005-0100.
21.5 source patch:
Diff command: cvs -q diff -u
Files affected: lib-src/movemail.c
Index: lib-src/movemail.c
===================================================================
RCS file: /pack/xemacscvs/XEmacs/xemacs/lib-src/movemail.c,v
retrieving revision 1.20
diff -a -u -u -r1.20 movemail.c
--- lib-src/movemail.c 2002/03/13 08:51:59 1.20
+++ lib-src/movemail.c 2005/02/14 03:37:21
@@ -746,14 +746,14 @@
server = pop_open (0, user, password, POP_NO_GETPASS);
if (! server)
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}
VERBOSE(("stat'ing messages\n"));
if (pop_stat (server, &nmsgs, &nbytes))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}
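Review bot: The fix is applied call site by call site (here and in the hunks at 801, 849 and 860), but `error` itself still appears to treat its first argument as a printf-style format, so any other or future caller that passes a variable string there would reintroduce the same problem. Its definition is outside this diff, so this is inferred from the call shape only. I would check the remaining callers of `error` in movemail.c for a non-literal first argument. I would also add a comment above its definition, such as `/* s1 is a printf format: pass a string literal only; text from the server or the user goes in s2/s3. */`. popmail's body starts and ends outside the hunk.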
@@ -801,7 +801,7 @@
mbx_delimit_begin (mbf);
if (pop_retr (server, i, mbx_write, mbf) != POP_RETRIEVED)
{
- error (Errmsg, NULL, NULL);
+ error ("%s", Errmsg, NULL);
close (mbfi);
return (1);
}
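Review bot: The `pop_retr` failure path closes `mbfi` and returns without closing `server`, and the `pop_stat` failure path in the hunk at 746 likewise returns with the connection still open, whereas the `pop_delete` path at 849 calls `pop_close (server)` before returning. Whether `pop_retr` and `pop_stat` tear down the connection themselves on error is not visible here; if they do not, both paths should add `pop_close (server);` before `return (1);`. Separately, this call reports `Errmsg` rather than `pop_error`, and a one-line comment naming which callee fills `Errmsg` would make it clear that the buffer can hold externally influenced text. The enclosing function continues outside the hunk.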
@@ -849,7 +849,7 @@
VERBOSE(("deleting message %d \n", i));
if (pop_delete (server, i))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
pop_close (server);
return (1);
}
@@ -860,7 +860,7 @@
VERBOSE(("closing server \n"));
if (pop_quit (server))
{
- error (pop_error, NULL, NULL);
+ error ("%s", pop_error, NULL);
return (1);
}