tags 649322 security
severity 649322 grave
thanks

On Sat, Nov 19, 2011 at 11:19:48PM +0100, Leo Iannacone wrote:
> The package clearsilver fails to compile with the new hardened compiler
> flags dpkg-buildflag outputs [0].
> The problematic flag is: -Werror=format-security
> See the ubuntu buildlog:
> https://launchpadlibrarian.net/85252523/buildlog_ubuntu-precise-i386.clearsilver_0.10.5-1.2_FAILEDTOBUILD.txt.gz
>
> Snippet:
> neo_cgi.c: In function 'p_cgi_error':
> neo_cgi.c:181:3: error: format not a string literal and no format
> arguments [-Werror=format-security]
> cc1: some warnings being treated as errors

This may very well be exploitable; I sent an example to security@ a little while back, and CCed [email protected]. Please apply Leo's patch ASAP.

-- 
Colin Watson [[email protected]]
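The pattern that -Werror=format-security rejects in the build log above, next to the corrected call, as an added example that is not part of the original message and is not clearsilver's code. report_error(), err_unsafe() and err_safe() are hypothetical names, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical printf-style error reporter (not clearsilver's API).
 * Declaring it with __attribute__((format(printf, 3, 4))) would let gcc
 * apply -Wformat-security to its callers, as happened in the build log. */
static int report_error(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    int len;

    va_start(ap, fmt);
    len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Flawed pattern: caller-supplied text is used as the format string, so
 * any conversion specifier inside it is interpreted by vsnprintf. */
static int err_unsafe(char *out, size_t n, const char *msg)
{
    return report_error(out, n, msg);
}

/* Corrected pattern: the format is a literal and the text is only data. */
static int err_safe(char *out, size_t n, const char *msg)
{
    return report_error(out, n, "%s", msg);
}

int main(void)
{
    /* Constructed input. "%%" is a directive that consumes no argument,
     * so the flawed path stays well-defined while still showing that the
     * text is being parsed as a format. */
    const char *msg = "disk 100%% full";
    char a[64], b[64];

    err_unsafe(a, sizeof a, msg);
    err_safe(b, sizeof b, msg);
    printf("unsafe: \"%s\" altered=%d\n", a, strcmp(a, msg) != 0);
    printf("safe:   \"%s\" altered=%d\n", b, strcmp(b, msg) != 0);
    return 0;
}
```

The flawed call rewrites the text because it is parsed as a format, while the "%s" form passes it through unchanged.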

