On Mon, Feb 27, 2012 at 09:42:23PM +0000, Dominic Hargreaves wrote: > Source: libproc-processtable-perl > Severity: normal > Version: 0.45-3 > User: debian...@lists.debian.org > Usertags: hardening-format-security hardening > > With hardening flags enabled, this package FTBFS: > > ProcessTable.xs: In function 'XS_Proc__ProcessTable__initialize_os': > ProcessTable.xs:391:8: error: format not a string literal and no format > arguments [-Werror=format-security]
FWIW, I can't see any security impact. There doesn't seem to be a way to inject format arguments to the return value of OS_initialize(), which is chosen from a list of hardcoded strings on Linux and is mostly NULL elsewhere. -- Niko Tyni nt...@debian.org -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org