Follow-up Comment #2, bug #472 (project tex4ht):

The Gentoo package compiles and installs htcmd for some reason (presumably https://bugs.gentoo.org/85301#c2 which is a little weak indeed), so the format-security issue has popped up in an automatic scan.

Looking at the source code, the command seems to do conversion from slashes to backslashes in path names, which doesn't look useful outside of the MS-DOS/Windows world. BTW, there may be more security issues: warn_err_mssg has only one element and err_i() accesses it out of bounds. The command line buffer is allocated with a fixed size and populated without any size checks. So, I'm going to drop htcmd from the Gentoo package. Sorry for the noise.

_______________________________________________________

Reply to this item at:

  <http://puszcza.gnu.org.ua/bugs/?472>

_______________________________________________
  Message sent via/by Puszcza
  http://puszcza.gnu.org.ua/
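The three defect classes named in the comment above (a message used as a format string, a message table indexed out of range, a fixed-size command buffer filled without size checks), shown in hardened form. This is an added example, not htcmd's source and not code from the comment's author; `msg_text`, `report`, `build_cmd` and the message text are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed one-entry message table (hypothetical, not htcmd's own). */
static const char *const msgs[] = { "system() call failed" };
#define N_MSGS (sizeof msgs / sizeof msgs[0])

/* Bounds-checked lookup: an unknown index yields a fallback string
   instead of reading past the end of the table. */
static const char *msg_text(size_t i) {
    return i < N_MSGS ? msgs[i] : "unknown error";
}

/* The message is passed as data to a literal format, so a '%' inside it
   is never interpreted and -Wformat-security has nothing to flag. */
static int report(FILE *out, size_t i) {
    return fprintf(out, "htcmd-example: %s\n", msg_text(i));
}

/* Join argv[0..argc) with spaces into dst, converting '/' to '\\'.
   Returns the length written, or -1 (dst emptied) if it does not fit. */
static int build_cmd(char *dst, size_t cap, int argc, const char *const *argv) {
    size_t n = 0;
    if (cap == 0) return -1;
    for (int a = 0; a < argc; a++) {
        if (a > 0) {
            if (n + 1 >= cap) { dst[0] = '\0'; return -1; }
            dst[n++] = ' ';
        }
        for (const char *p = argv[a]; *p; p++) {
            /* Keep one byte free for the terminating NUL. */
            if (n + 1 >= cap) { dst[0] = '\0'; return -1; }
            dst[n++] = (*p == '/') ? '\\' : *p;
        }
    }
    dst[n] = '\0';
    return (int)n;
}

int main(void) {
    const char *const args[] = { "tex4ht", "doc/file.dvi" }; /* constructed input */
    char cmd[32];
    if (build_cmd(cmd, sizeof cmd, 2, args) < 0) { report(stderr, 0); return 1; }
    puts(cmd);
    return 0;
}
```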