From d26d1ac3875310bfd09c0016d66363da10f33ffa Mon Sep 17 00:00:00 2001
From: Fumitoshi UKAI <ukai@debian.or.jp>
Date: Wed, 27 Dec 2006 02:15:24 +0000
Subject: * [SECURITY] fix format string vulnerability * file.c (inputAnswer)
 fix format string bug

---
 ChangeLog | 7 ++++++-
 file.c    | 4 ++--
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 248b58e..3aef384 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2006-12-27  Fumitoshi UKAI  <ukai@debian.or.jp>
+
+	* [SECURITY] fix format string vulnerability
+	* file.c (inputAnswer) fix format string bug
+
 2006-12-07  Hiroyuki Ito  <ZXB01226@nifty.com>
 
 	* [w3m-dev 04185] Re: italic text
@@ -8784,4 +8789,4 @@ a	* [w3m-dev 03276] compile error on EWS4800
 	* release-0-2-1
 	* import w3m-0.2.1
 
-$Id: ChangeLog,v 1.973 2006/12/10 11:06:12 inu Exp $
+$Id: ChangeLog,v 1.974 2006/12/27 02:15:24 ukai Exp $
diff --git a/file.c b/file.c
index 4c7caaf..e48965f 100644
--- a/file.c
+++ b/file.c
@@ -1,4 +1,4 @@
-/* $Id: file.c,v 1.249 2006/12/10 11:06:12 inu Exp $ */
+/* $Id: file.c,v 1.250 2006/12/27 02:15:24 ukai Exp $ */
 #include "fm.h"
 #include <sys/types.h>
 #include "myctype.h"
@@ -8021,7 +8021,7 @@ inputAnswer(char *prompt)
 	ans = inputChar(prompt);
     }
     else {
-	printf(prompt);
+	printf("%s", prompt);
 	fflush(stdout);
 	ans = Strfgets(stdin)->ptr;
     }
-- 
cgit v1.2.3