Source: libberkeleydb-perl
Severity: normal
Version: 0.49-1
With hardening flags enabled, this package FTBFS:
BerkeleyDB.xs: In function 'softCrash':
BerkeleyDB.xs:948:5: error: format not a string literal and no format arguments
[-Werror=format-security]
(this is the first error of this type seen: it's possible that there
could be others once this is fixed).
A likely fix is to change croak(var) to croak("%s", var)[1].
Note that I haven't verified whether an externally-controlled string is
used; if so, it would be appropriate to upgrade this bug to RC severity
with the security tag[2].
Thanks,
Dominic.
[1] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#92>
[2] <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=657853#117>
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)
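
Added example, not part of the original report or of the BerkeleyDB source: a minimal C sketch of what the croak(var) pattern does with its argument and what croak("%s", var) changes. The names report, report_unsafe, report_safe and would_read_varargs are hypothetical stand-ins, and the sample messages are constructed.

```c
/* Added illustration; report() is a hypothetical stand-in for croak(). */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_msg[256];          /* what the reporter would have emitted */

static void report(const char *pat, ...)
{
    va_list ap;
    va_start(ap, pat);
    vsnprintf(last_msg, sizeof last_msg, pat, ap);
    va_end(ap);
}

/* Flagged pattern: the message itself is parsed as the format string. */
const char *report_unsafe(const char *msg)
{
    report(msg);
    return last_msg;
}

/* Suggested fix: constant format, message passed as data. */
const char *report_safe(const char *msg)
{
    report("%s", msg);
    return last_msg;
}

/* Returns 1 if msg contains a conversion other than "%%", i.e. using it
 * as a format with no arguments would be undefined behaviour; else 0. */
int would_read_varargs(const char *msg)
{
    for (const char *p = msg; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* "%%" is a literal percent */
        return 1;                             /* real or malformed conversion */
    }
    return 0;
}

int main(void)
{
    const char *m = "DB 100%% full";          /* only "%%", so defined to demo */
    printf("unsafe: %s\n", report_unsafe(m)); /* format parsing rewrites it */
    printf("safe:   %s\n", report_safe(m));   /* message kept verbatim */
    return 0;
}
```

A check like would_read_varargs is only a triage aid for deciding whether a given message could reach the undefined case; the constant-format call is the fix either way.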