Re: Bug#657853: Building perl with hardened build flags
On Sun, Feb 12, 2012 at 09:27:24PM +0100, Moritz Mühlenhoff wrote:
> If the missing format string is variable and controlled externally (e.g.
> if read from a file or from network communication), please file it
> with RC severity and the security tag. (If it's a popular Perl module,
> please contact email@example.com, so that we can coordinate with
> other distros.)
> Otherwise it's rather "normal" severity.
I didn't feel qualified to make judgements about the exploitability,
but I thought it would be worth an initial filing in any case (I made
this clear in the text of my reports). You can see them at
Dominic Hargreaves | http://www.larted.org.uk/~dom/
PGP key 5178E2A5 from the.earth.li (keyserver,web,email)