[apparmor] [Bug 781961] Re: Format string bugs in apparmor-utils

[Steve Beattie]

This was fixed in lp:apparmor commit 1727 and was merged into the 2.6
branch in commit 1699.

** Also affects: apparmor/2.6
   Importance: Undecided
       Status: New

** Changed in: apparmor/2.6
    Milestone: None => 2.6.2

** Changed in: apparmor/2.6
       Status: New => Fix Committed

** Changed in: apparmor
       Status: In Progress => Fix Released

** Changed in: apparmor/2.6
   Importance: Undecided => Low

-- 
You received this bug notification because you are a member of AppArmor
Developers, which is the registrant for AppArmor.
https://bugs.launchpad.net/bugs/781961

Title:
  Format string bugs in apparmor-utils

Status in AppArmor Linux application security framework:
  Fix Released
Status in AppArmor 2.6 series:
  Fix Committed
Status in “apparmor” package in Ubuntu:
  In Progress

Bug description:
  Binary package hint: apparmor-utils

  /usr/sbin/audit and /usr/sbin/autodep and /usr/sbin/enforce have
  format string bugs .

  test case :
  emanuel at emanuel-desktop:/tmp$ /usr/sbin/audit "/tmp/%n"
  Modification of a read-only value attempted at /usr/sbin/audit line 122.
  emanuel at emanuel-desktop:/tmp$ /usr/sbin/autodep "/tmp/%n"
  Modification of a read-only value attempted at /usr/sbin/autodep line 112.
  emanuel at emanuel-desktop:/tmp$ /usr/sbin/enforce "/tmp/%9999999999999s"
  Integer overflow in format string for sprintf at /usr/sbin/enforce line 132.

  the bug can be found at :
  UI_Info(sprintf(gettext('%s does not exist, please double-check the path.') . $profiling));

  fix : (like in /usr/sbin/complain)
  UI_Info(sprintf(gettext('%s does not exist, please double-check the path.'), $profiling));

To manage notifications about this bug go to:
https://bugs.launchpad.net/apparmor/+bug/781961/+subscriptions