Created attachment 497298 [details, diff] db-4.8.30-format-security.patch db has a few error messages stored in temporary variables before being emitted. They are sent to a printf-like function without using "%s". The attached patch corrects this.
The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=503f602e1edc26f721b47c80981068f547b86b68 commit 503f602e1edc26f721b47c80981068f547b86b68 Author: Sam James <sam@gentoo.org> AuthorDate: 2022-06-20 03:33:22 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2022-06-20 05:03:51 +0000 sys-libs/db: fix -Wformat-security Closes: https://bugs.gentoo.org/632628 Thanks-to: René Rhéaume <rene.rheaume@gmail.com> Signed-off-by: Sam James <sam@gentoo.org> sys-libs/db/db-4.8.30-r7.ebuild | 164 ++++++++++++++++++++++++ sys-libs/db/files/db-4.8-wformat-security.patch | 43 +++++++ 2 files changed, 207 insertions(+)