(doesn't affect directly mod_dav, but can lead to security hole in
connection with some other programs - e.g. Oracle 9i)
Changed files:
apache-mod_dav-format.patch -> 1.1
apache1-mod_dav-format.patch -> 1.1
--- /dev/null
+--- mod_dav-1.0.3-1.3.6/mod_dav.c.orig Sun Sep 23 00:22:39 2001
++++ mod_dav-1.0.3-1.3.6/mod_dav.c Wed Feb 26 15:07:31 2003
+@@ -2298,7 +2298,7 @@
+ if (lookup.err.status == HTTP_BAD_REQUEST) {
+ /* This supplies additional information for the default message. */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
+- lookup.err.desc);
++ "%s", lookup.err.desc);
+ return HTTP_BAD_REQUEST;
+ }
+
--- /dev/null
+--- mod_dav-1.0.3-1.3.6/mod_dav.c.orig Sun Sep 23 00:22:39 2001
++++ mod_dav-1.0.3-1.3.6/mod_dav.c Wed Feb 26 15:07:31 2003
+@@ -2298,7 +2298,7 @@
+ if (lookup.err.status == HTTP_BAD_REQUEST) {
+ /* This supplies additional information for the default message. */
+ ap_log_rerror(APLOG_MARK, APLOG_ERR | APLOG_NOERRNO, r,
+- lookup.err.desc);
++ "%s", lookup.err.desc);
+ return HTTP_BAD_REQUEST;
+ }
+