Package: www.debian.org
Severity: important
X-Debbugs-Cc: debian-ad...@lists.debian.org, holg...@debian.org

Hi,

Filing here as I'm not sure if there's a better place (the repository on
Salsa does not allow issue filing and there's no real contact link, and
the repo is owned by webmaster-team).

I found the following lines in Apache's error log on picconi, and they are
printed at least once per invocation:

> mod_fcgid: stderr: [Thu Oct  3 13:48:20 2024] dispatcher.fcgi: Missing 
> argument in sprintf at ../lib/Packages/I18N/Locale.pm line 31.
> mod_fcgid: stderr: [Thu Oct  3 13:48:21 2024] dispatcher.fcgi: Redundant 
> argument in sprintf at ../lib/Packages/I18N/Locale.pm line 31.

It looks like this might happen if the localized strings we sprintf into
don't have exactly the substitutions required. Sadly there isn't any
more information in the logs as to the context in which this happens.

At the very least we should go and silence these, even though they point
to real bugs.

There's another one printed, but much less frequently:

> dispatcher.fcgi: CGI::param called in list context from 
> ../lib/Packages/Dispatcher.pm line 133, this can lead to vulnerabilities. See 
> the warning in "Fetching the value or values of a single named parameter" at 
> /usr/share/perl5/CGI.pm line 414., referer: [...]

It'd be good if that one were to be fixed as well.

Kind regards and thanks
Philipp Kern
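
A check for the mismatch suspected in the report above, as an added example that is not part of the original message or of the packages.debian.org code: it compares how many arguments a source string and its translation consume under Perl's sprintf and names the warning each mismatch would produce. The catalog entries and the function names `args_needed` and `mismatches` are constructed for illustration, and loading the real translation catalogs is left out.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Count the arguments a sprintf format consumes: "%%" takes none, "%2$s"
# needs at least two, and each "*" width or precision takes one more.
sub args_needed {
    my ($fmt) = @_;
    my ($implicit, $explicit) = (0, 0);
    while ($fmt =~ /%(?:(\d+)\$)?[-+ 0#]*(\*|\d+)?(?:\.(\*|\d*))?[hlqLV]*([%csdiuoxXeEfgGbBpn])/g) {
        my ($index, $width, $prec, $conv) = ($1, $2, $3, $4);
        next if $conv eq '%';
        $implicit += grep { defined($_) && $_ eq '*' } $width, $prec;
        if (defined $index) { $explicit = $index if $index > $explicit }
        else                { $implicit++ }
    }
    return $implicit > $explicit ? $implicit : $explicit;
}

# Return [msgid, msgstr, args in msgid, args in msgstr] for every pair
# whose translation consumes a different number of arguments.
sub mismatches {
    my @bad;
    for my $entry (@_) {
        my ($want, $got) = map { args_needed($_) } @$entry;
        push @bad, [ @$entry, $want, $got ] if $want != $got;
    }
    return @bad;
}

# Constructed msgid => msgstr pairs, not taken from the real catalogs.
my @catalog = (
    [ 'Package %s not found in %s', 'Paket %s nicht gefunden'  ],
    [ '%u packages found',          '%u Pakete in %s gefunden' ],
    [ 'Results %1$s to %2$s',       'Ergebnisse %2$s bis %1$s' ],
    [ '100%% of %s',                '100%% von %s'             ],
);

for my $m (mismatches(@catalog)) {
    my ($id, $str, $want, $got) = @$m;
    # The caller passes as many arguments as the msgid expects.
    my $kind = $got > $want ? 'Missing argument' : 'Redundant argument';
    printf "%s: msgid takes %d, msgstr takes %d\n  msgid:  %s\n  msgstr: %s\n",
        $kind, $want, $got, $id, $str;
}
```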