[Secure-testing-team] Bug#745699: ruby2.1: Requires internet to build (fetches config.sub/config.guess)

Scott Kitterman debian at kitterman.com
Thu Apr 24 06:29:39 UTC 2014


Package: ruby2.1
Version: 2.1.1-3
Severity: serious
Tags: security patch
Justification: Policy 4.9

ruby2.1 is shipped without config.sub and config.guess and then these are
insecurely downloaded during configure.  It would be much better just to use
the ones shipped with autotools-dev.  Patch attached.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: patch
Type: text/x-diff
Size: 728 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20140424/13c89d5c/attachment.diff>

