Bug#1083233: packages.debian.org: Perl errors in apache2's log
Package: www.debian.org
Severity: important
X-Debbugs-Cc: debian-admin@lists.debian.org, holgerw@debian.org
Hi,
Filing here as I'm not sure if there's a better place (the repository on
Salsa does not allow issue filing and there's no real contact link, and
the repo is owned by webmaster-team).
I found the following lines in apache's error log on picconi and it's
printed at least once per invocation:
> mod_fcgid: stderr: [Thu Oct 3 13:48:20 2024] dispatcher.fcgi: Missing argument in sprintf at ../lib/Packages/I18N/Locale.pm line 31.
> mod_fcgid: stderr: [Thu Oct 3 13:48:21 2024] dispatcher.fcgi: Redundant argument in sprintf at ../lib/Packages/I18N/Locale.pm line 31.
It looks like this might happen if the localized strings we sprintf into
don't have exactly the substitutions required. Sadly there isn't any
more information in the logs as to the context in which this happens.
At the very least we should go and silence these, even though they point
to real bugs.
There's another one printed, but much less frequently:
> dispatcher.fcgi: CGI::param called in list context from ../lib/Packages/Dispatcher.pm line 133, this can lead to vulnerabilities. See the warning in "Fetching the value or values of a single named parameter" at /usr/share/perl5/CGI.pm line 414., referer: [...]
It'd be good if that one were to be fixed as well.
Kind regards and thanks
Philipp Kern
Reply to: