Control: tags -1 + confirmed
On Mon, 2013-10-14 at 23:35 +0200, Felix Geyer wrote:
> There are two minor security issues in ruby-passenger:
> CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage
>
> I'd like to fix those by backporting four upstream commits,
> see the attached debdiff.
I realise they're not regressions, but things like
+- if system("(gcc #{ENV['CFLAGS']} -c
'#{source_file}') >/dev/null 2>/dev/null")
++ if system("(gcc #{ENV['CFLAGS']} -c
'#{source_file}' -o '#{output_file}') >/dev/null 2>/dev/null")
make me a sad reviewer. Surely Ruby has saner ways of implementing this?
(Something like Python's subprocess, or even a list form of system().)
That being said, please go ahead; thanks.
Regards,
Adam
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
