Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1

To: Felix Geyer <fgeyer@debian.org>, 726358@bugs.debian.org
Subject: Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
From: "Adam D. Barratt" <adam@adam-barratt.org.uk>
Date: Tue, 22 Oct 2013 21:19:33 +0100
Message-id: <[🔎] 1382473173.26905.15.camel@jacala.jungle.funky-badger.org>
Reply-to: "Adam D. Barratt" <adam@adam-barratt.org.uk>, 726358@bugs.debian.org
In-reply-to: <[🔎] 20131014213533.6212.41073.reportbug@localhost6.localdomain6>
References: <[🔎] 20131014213533.6212.41073.reportbug@localhost6.localdomain6>

Control: tags -1 + confirmed

On Mon, 2013-10-14 at 23:35 +0200, Felix Geyer wrote:
> There are two minor security issues in ruby-passenger:
> CVE-2013-2119 and CVE-2013-4136: insecure tmp files usage
> 
> I'd like to fix those by backporting four upstream commits,
> see the attached debdiff.

I realise they're not regressions, but things like

+-					if system("(gcc #{ENV['CFLAGS']} -c '#{source_file}') >/dev/null 2>/dev/null")
++					if system("(gcc #{ENV['CFLAGS']} -c '#{source_file}' -o '#{output_file}') >/dev/null 2>/dev/null")

make me a sad reviewer. Surely Ruby has saner ways of implementing this?
(Something like Python's subprocess, or even a list form of system().)

That being said, please go ahead; thanks.

Regards,

Adam

Reply to:

Follow-Ups:
- Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
  - From: "Adam D. Barratt" <adam@adam-barratt.org.uk>

References:
- Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
  - From: Felix Geyer <fgeyer@debian.org>

Prev by Date: Processed: tagging 727087
Next by Date: Processed: Re: Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
Previous by thread: Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
Next by thread: Bug#726358: pu: package ruby-passenger/3.0.13debian-1+deb7u1
Index(es):
- Date
- Thread