[Bug 528000] New: Tainted variables in sprintf format

bugzilla at redhat.com bugzilla at redhat.com
Thu Oct 8 15:05:05 UTC 2009


https://bugzilla.redhat.com/show_bug.cgi?id=528000

           Summary: Tainted variables in sprintf format
           Product: Fedora
           Version: 10
          Platform: All
        OS/Version: Linux
            Status: NEW
          Severity: medium
          Priority: low
         Component: perl-Image-ExifTool
        AssignedTo: tcallawa at redhat.com
        ReportedBy: pm at datasphere.ch
         QAContact: extras-qa at fedoraproject.org
                CC: tcallawa at redhat.com, fedora-perl-devel-list at redhat.com
    Classification: Fedora


Description of problem:
Some tainted variable(s) are used in sprintf statement(s), causing warnings when
the calling program is executed with the -T option. For example:

Insecure dependency in sprintf while running with -T switch at
/usr/lib/perl5/vendor_perl/5.10.0/Image/ExifTool/Exif.pm line 2958 

Version-Release number of selected component (if applicable):
perl-5.10.0-73.fc10.i386
perl-Image-Exiftool-7.67-1.fc10.noarch

How reproducible:
Always in 5.10.0, providing the sprintf statement is reached.

Steps to Reproduce:
I don't know how to force it: I discovered it while testing a spamassassin OCR
plugin.

Actual results:
See above

Expected results:
No warning
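
The taint rule behind this report, shown as an added Perl example that is not part of the original bug report and not code from Image::ExifTool: since Perl 5.10.0, sprintf and printf reject a tainted format argument under -T, while tainted data passed as an argument to a constant format is accepted. The helper untaint_format, its allowlist pattern and the sample values are assumptions constructed for illustration.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T example.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Zero-length tainted string: $^X is tainted under -T, and concatenating it
# taints the result. Used only to build constructed "outside" input.
my $TAINT = substr($^X, 0, 0);

# Hypothetical helper: accept one simple conversion only and return an
# untainted copy (regex captures are untainted), or undef if it does not match.
sub untaint_format {
    my ($fmt) = @_;
    return $fmt =~ /\A(%-?\d{0,3}(?:\.\d{1,2})?[dfsx])\z/ ? $1 : undef;
}

my $fmt = "%.2f" . $TAINT;    # constructed: format string from outside
print "format tainted: ", (tainted($fmt) ? "yes" : "no"), "\n";

# 1. Tainted format: perl dies with "Insecure dependency in sprintf";
#    eval traps the error so it can be displayed.
my $out = eval { sprintf($fmt, 3.14159) };
print "tainted format   -> ", (defined $out ? "$out\n" : "died: $@");

# 2. Tainted data as an argument to a constant format is allowed;
#    the result is itself tainted.
my $value = "42" . $TAINT;
$out = sprintf("%s", $value);
print "tainted argument -> $out (result tainted: ",
      (tainted($out) ? "yes" : "no"), ")\n";

# 3. Validate first, then use the untainted capture as the format.
for my $candidate ($fmt, "%s%s%s%n" . $TAINT) {
    my $clean = untaint_format($candidate);
    if (defined $clean) {
        printf "validated %-6s -> %s\n", $clean, sprintf($clean, 3.14159);
    } else {
        print "rejected format: $candidate\n";
    }
}
```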
