Please do not reply directly to this email. All additional comments should be made in the comments box of this bug. https://bugzilla.redhat.com/show_bug.cgi?id=528000 Phil Harvey <boardhead62@xxxxxxxxxxx> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |boardhead62@xxxxxxxxxxx --- Comment #5 from Phil Harvey <boardhead62@xxxxxxxxxxx> 2009-10-09 13:09:44 EDT --- If this generates taint errors, I'm surprised that exiftool doesn't generate more. The value of $format is obtained from an unpack('S',...) call, so the result is guaranteed to be either undefined or a number in the range 0 to 65535. How is this a security problem when used in a sprintf format string? -- Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug. -- Fedora Extras Perl SIG http://www.fedoraproject.org/wiki/Extras/SIGs/Perl Fedora-perl-devel-list mailing list Fedora-perl-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-perl-devel-list
