Bug#657853: Building perl with hardened build flags
Dominic Hargreaves
dom at earth.li
Mon Feb 27 21:48:31 UTC 2012
On Sun, Feb 12, 2012 at 09:27:24PM +0100, Moritz Mühlenhoff wrote:
> If the missing format string is variable and controlled externally (e.g.
> if read from a file or from network communication), please file it
> with RC severity and the security tag. (If it's a popular Perl module,
> please contact team at security.debian.org, so that we can coordinate with
> other distros.)
>
> Otherwise it's rather "normal" severity.

I didn't feel qualified to make judgements about the exploitability,
but I thought it would be worth an initial filing in any case (I made
this clear in the text of my reports). You can see them at
<http://bugs.debian.org/cgi-bin/pkgreport.cgi?tag=hardening;users=debian-qa@lists.debian.org>

Cheers,
Dominic.
--
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)