Package: gcc-3.2
Version: 1:3.2.3-0pre1
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

As noted in the corresponding man page, the 'sprintf' and 'vsprintf' functions are insecure, and should not be used. I suggest that gcc print a warning when compiling code in which they are used, as it already does with 'gets' (also insecure).

- -- System Information:
Debian Release: testing/unstable
Architecture: i386
Kernel: Linux cornerstone 2.4.19 #3 Sat Jan 25 06:26:18 PST 2003 i686
Locale: LANG=en_US, LC_CTYPE=en_US

Versions of packages gcc-3.2 depends on:
ii  binutils      2.13.90.0.18-1  The GNU assembler, linker and bina
ii  cpp-3.2       1:3.2.3-0pre1   The GNU C preprocessor
ii  gcc-3.2-base  1:3.2.3-0pre1   The GNU Compiler Collection (base
ii  libc6         2.3.1-11        GNU C Library: Shared libraries an
ii  libgcc1       1:3.2.3-0pre1   GCC support library

- -- no debconf information

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)

iD8DBQE+Wde8tHQW4HWNftkRApKUAJ48LxVMp39GRutrfgn7yH2nPUBcwACgg5wB
V7Qa4p7aznoNXvxf7zAWOo0=
=ByP2
-----END PGP SIGNATURE-----
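
The bounded replacement for the calls named in the report, as an added example that is not part of the original bug report or of gcc: `vsnprintf` takes the destination size, and its return value lets the caller detect truncation instead of overflowing. The helper names `format_checked` and `build_greeting`, the 16-byte buffer and the sample names are assumptions made for the illustration.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from the report: format into dst with a hard
 * bound. Returns 0 on success, -1 on truncation or a formatting error.
 * Relies on the C99 vsnprintf contract: the return value is the length
 * the full output would have had, excluding the terminating NUL. */
static int format_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (dst == NULL || dstsz == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';          /* never hand back a silently cut string */
        return -1;
    }
    return 0;
}

/* Hypothetical caller. The sprintf form of this line would be
 *     sprintf(out, "Hello, %s!", name);
 * which has no idea how large out is and writes past it for a long name. */
static int build_greeting(char *out, size_t outsz, const char *name)
{
    return format_checked(out, outsz, "Hello, %s!", name);
}

int main(void)
{
    /* Constructed inputs: one that fits a 16-byte buffer, one that does not. */
    const char *names[] = { "alice", "a-constructed-name-longer-than-the-buffer" };
    char buf[16];
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++) {
        if (build_greeting(buf, sizeof buf, names[i]) == 0)
            printf("ok:       \"%s\"\n", buf);
        else
            printf("rejected: input of %lu bytes does not fit\n",
                   (unsigned long)strlen(names[i]));
    }
    return 0;
}
```

Treating truncation as an error, rather than accepting the shortened string, keeps a cut-off path or command from being used as if it were complete.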