libaudit noticed a format string vulnerability in abiword:
Jun 24 23:47:00 insomniac abiword-2.2: warn: non-literal format string contains no specifiers: vsprintf(0x88ed868, "Save changes to document Statement.abw before closing?");
Of questionable security impact, a user would have to open, modify and then attempt to exit abiword with a very dodgy looking filename, but it should be fixed nonetheless.
Suggested fix, around line 761 of abi/src/af/xap/xp/xap_Frame.cpp:
- pDialog->setMessage(szNewMessage); + pDialog->setMessage("%s", szNewMessage);
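Review bot: the setMessage call near line 761 of xap_Frame.cpp is only one call site, and since the libaudit warning shows setMessage's first argument reaching vsprintf as a format string, every other caller that passes a built or user-influenced string in that position needs the same "%s" treatment; please audit the remaining setMessage callers in the same change. Because the sink is vsprintf, which takes no length bound, it is also worth confirming that the destination buffer is sized for a message containing a long filename, or moving that sink to vsnprintf.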
Testcase would be saving a file called foo%.500x%n%n%n%n%nbar.abw or something, modifying the file, then attempting to exit without saving.
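An added example, not AbiWord's code: a minimal C sketch of the safe pattern and of a check for conversion specifiers in caller-built strings, run against the test filename from the report. The names set_message, count_specifiers and prompt_for are hypothetical stand-ins, and the sink is assumed to be a printf-style function like the one in the libaudit warning.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char g_message[256];   /* hypothetical dialog message buffer */

/* Hypothetical printf-style setter, standing in for setMessage(). */
static int set_message(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    /* Bounded, unlike the vsprintf() seen in the libaudit warning. */
    int n = vsnprintf(g_message, sizeof g_message, fmt, ap);
    va_end(ap);
    return n;
}

/* Count conversion specifiers in s; "%%" is a literal percent sign.
 * A caller-built string with a non-zero count must never be passed
 * in the format position. */
static int count_specifiers(const char *s)
{
    int count = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') { s++; continue; }   /* escaped percent */
        count++;
    }
    return count;
}

/* Build the prompt the way the fixed call does: the message is passed
 * as data through "%s", so '%' in the filename is never interpreted. */
static const char *prompt_for(const char *filename)
{
    char msg[200];
    snprintf(msg, sizeof msg,
             "Save changes to document %s before closing?", filename);
    set_message("%s", msg);
    return g_message;
}

int main(void)
{
    const char *name = "foo%.500x%n%n%n%n%nbar.abw"; /* from the report */
    printf("specifiers in filename: %d\n", count_specifiers(name));
    printf("%s\n", prompt_for(name));
    return 0;
}
```

Building with -Wformat -Wformat-security makes GCC and Clang flag the unfixed form, a non-literal format string with no arguments, at compile time.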
Thx Tavis, has upstream been notified?
They have now :) http://bugzilla.abisource.com/show_bug.cgi?id=9201
Upstream reports the issue has now been fixed in their CVS repository.
Gnome team: feel like patching? Or wait for a new release?
Patching would be fine by me, but I have zero time this week so won't get around to it anytime soon. If any of the security folk care to do it?
Tavis, feel like pushing the patch in? Anyone else in Gnome herd?
All 3 builds have been revbumped and patched. Old (non rev bumped) ebuilds w/o the patch were removed.
Ready for GLSA
Hmm, let's rather vote... It's a quite complicated path to social engineer (especially the "quit without saving" part).
I would vote a weak NO.
I vote NO.
Voting no too -> closing