Bug#661545: libproc-processtable-perl: FTBFS with hardening flags enabled: -Werror=format-security

Niko Tyni ntyni at debian.org
Thu Mar 8 20:02:46 UTC 2012


On Mon, Feb 27, 2012 at 09:42:23PM +0000, Dominic Hargreaves wrote:
> Source: libproc-processtable-perl
> Severity: normal
> Version: 0.45-3
> User: debian-qa at lists.debian.org
> Usertags: hardening-format-security hardening
> 
> With hardening flags enabled, this package FTBFS:
> 
> ProcessTable.xs: In function 'XS_Proc__ProcessTable__initialize_os':
> ProcessTable.xs:391:8: error: format not a string literal and no format arguments [-Werror=format-security]

FWIW, I can't see any security impact. There doesn't seem
to be a way to inject format arguments to the return value
of OS_initialize(), which is chosen from a list of hardcoded
strings on Linux and is mostly NULL elsewhere.
-- 
Niko Tyni   ntyni at debian.org





More information about the pkg-perl-maintainers mailing list