From 6a45ba93268ab730b75325f05f19aed23084b2dc Mon Sep 17 00:00:00 2001
From: Matthew Barnes <mbarnes@redhat.com>
Date: Thu, 29 Mar 2007 19:59:59 +0000
Subject: Use a format string ("%s") when passing uncontrolled data to a

2007-03-29  Matthew Barnes  <mbarnes@redhat.com>

	* gui/e-cal-component-memo-preview.c (write_html):
	Use a format string ("%s") when passing uncontrolled data to a
	printf-style function (CVE-2007-1002).


svn path=/trunk/; revision=33342
---
 calendar/ChangeLog                          | 6 ++++++
 calendar/gui/e-cal-component-memo-preview.c | 2 +-
 2 files changed, 7 insertions(+), 1 deletion(-)

diff --git a/calendar/ChangeLog b/calendar/ChangeLog
index eb3ed1a71a..e7502367a2 100644
--- a/calendar/ChangeLog
+++ b/calendar/ChangeLog
@@ -1,3 +1,9 @@
+2007-03-29  Matthew Barnes  <mbarnes@redhat.com>
+
+	* gui/e-cal-component-memo-preview.c (write_html):
+	Use a format string ("%s") when passing uncontrolled data to a
+	printf-style function (CVE-2007-1002).
+
 2007-03-29  Matthew Barnes  <mbarnes@redhat.com>
 
 	* gui/e-day-view.c:
diff --git a/calendar/gui/e-cal-component-memo-preview.c b/calendar/gui/e-cal-component-memo-preview.c
index 192ad70ee1..07b2f79964 100644
--- a/calendar/gui/e-cal-component-memo-preview.c
+++ b/calendar/gui/e-cal-component-memo-preview.c
@@ -185,7 +185,7 @@ write_html (GtkHTMLStream *stream, ECal *ecal, ECalComponent *comp, icaltimezone
 			}
 		}
 		
-		gtk_html_stream_printf(stream, string->str);
+		gtk_html_stream_printf(stream, "%s", string->str);
 
 		g_string_free (string, TRUE);
 	
-- 
cgit v1.2.3