On Sun, Feb 26, 2012 at 08:04:23PM +0000, Dominic Hargreaves wrote:
> Source: libberkeleydb-perl
> Severity: normal
> Version: 0.49-1
>
> With hardening flags enabled, this package FTBFS:
>
> BerkeleyDB.xs: In function 'softCrash':
> BerkeleyDB.xs:948:5: error: format not a string literal and no format arguments [-Werror=format-security]
FWIW, I can't see any real security impact here. The only possible attack vector I can see is the call from dup_compare() on line 1142. Even if that could be triggered by a malicious DB file, it would also need to have a malicious filename, which seems to defeat any real world scenario.

Other eyeballs are certainly welcome. I've glanced through the stable version too and the situation looks similar there.

-- 
Niko Tyni   nt...@debian.org
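The pattern -Werror=format-security is complaining about, as an added illustration (my own code, not anything from BerkeleyDB.xs or libberkeleydb-perl): a helper that takes a printf-style format is handed an externally supplied string, here a database filename, as the format itself. The `report()` helper, its buffer-based signature, and the two wrapper functions are assumptions made so the rendered message can be inspected; the real softCrash() and dup_compare() call site are not shown on this page and are not reproduced here. The sample filename is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Hypothetical stand-in for an XS "soft crash" helper: it takes a printf
 * style format and renders the message.  This is NOT the real softCrash()
 * from BerkeleyDB.xs; the signature and the buffer output are assumed here
 * so the rendered text can be checked instead of croak()ed.  The format
 * attribute is what lets gcc/clang check the format at each call site.
 */
static void report(char *out, size_t n, const char *fmt, ...)
    __attribute__((format(printf, 3, 4)));

static void report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(out, n, fmt, ap);
    va_end(ap);
}

/* The shape -Wformat-security flags: a string from outside (a filename)
 * is passed as the format, with no format arguments.
 * gcc: "format not a string literal and no format arguments". */
static void report_unsafe(char *out, size_t n, const char *filename)
{
    report(out, n, filename);
}

/* Hardened form: the filename is an argument to a literal format, so any
 * '%' it contains is copied through, never interpreted. */
static void report_safe(char *out, size_t n, const char *filename)
{
    report(out, n, "%s", filename);
}

/* Returns 1 if the message comes out byte-for-byte equal to the input,
 * 0 if the formatter interpreted something in it. */
static int filename_survives(const char *filename,
                             void (*fn)(char *, size_t, const char *))
{
    char buf[256];
    fn(buf, sizeof buf, filename);
    return strcmp(buf, filename) == 0;
}

int filename_survives_unsafe(const char *filename)
{
    return filename_survives(filename, report_unsafe);
}

int filename_survives_safe(const char *filename)
{
    return filename_survives(filename, report_safe);
}

int main(void)
{
    /* Constructed sample: a filename containing "%%" is the one case whose
     * misinterpretation is deterministic (it collapses to a single '%').
     * A filename carrying "%s" or "%n" would instead read or write through
     * whatever happens to be in the variadic slots: undefined behaviour,
     * which is why Debian's hardening flags make this an error. */
    const char *name = "backup-100%%.db";
    printf("unsafe: intact=%d\n", filename_survives_unsafe(name));
    printf("safe:   intact=%d\n", filename_survives_safe(name));
    return 0;
}
```

The check is the point: with `report(out, n, filename)` the `%%` in the name is consumed by the formatter, so the output no longer matches the input, while the `"%s", filename` form reproduces it exactly. That is the whole fix the warning asks for, and it costs nothing at the call site.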