Hi Philipp, On Thu, 3 Oct 2024 15:51:35 +0200 Philipp Kern <pk...@debian.org> wrote:
> Package: www.debian.org > Severity: important > X-Debbugs-Cc: debian-ad...@lists.debian.org, holg...@debian.org > > Hi, > > Filing here as I'm not sure if there's a better place (the repository on > Salsa does not allow issue filing and there's no real contact link, and > the repo is owned by webmaster-team). > > I found the following lines in apache's error log on picconi and it's > printed at least once per invocation: > > > mod_fcgid: stderr: [Thu Oct 3 13:48:20 2024] dispatcher.fcgi: Missing > > argument in sprintf at ../lib/Packages/I18N/Locale.pm line 31. mod_fcgid: > > stderr: [Thu Oct 3 13:48:21 2024] dispatcher.fcgi: Redundant argument in > > sprintf at ../lib/Packages/I18N/Locale.pm line 31. > > It looks like this might happen if the localized strings we sprintf into > don't have exactly the substitutions required. Sadly there isn't any > more information in the logs as to the context in which this happens. > To get a stacktrace, you can try Carp::Always (see https://metacpan.org/pod/Carp::Always ) or a similar handler for $SIG{__WARN__} and $SIG{__DIE__} (see https://metacpan.org/pod/perlvar#%25SIG ). also see https://perldoc.perl.org/functions/caller . Hope that helps > At the very least we should go and silence these, even though they point > to real bugs. > > There's another one printed, but much less frequently: > > > dispatcher.fcgi: CGI::param called in list context from > > ../lib/Packages/Dispatcher.pm line 133, this can lead to vulnerabilities. > > See the warning in "Fetching the value or values of a single named > > parameter" at /usr/share/perl5/CGI.pm line 414., referer: [...] > > It'd be good if that one were to be fixed as well. > > Kind regards and thanks > Philipp Kern > -- Shlomi Fish https://www.shlomifish.org/ https://www.shlomifish.org/open-source/projects/fortune-mod/ Thank God I found the good in goodbye! — “Best Thing I Never Had”, Beyoncé Please reply to list if it's a mailing list post - https://shlom.in/reply .
