On Tue, Jul 07, 2015 at 03:29:41PM +0200, Bruno Thomsen wrote:
Downloading the package source from an unsecure locations and using an
insecure hash (md5)
would allow a malicious proxy to inject vulnerabilities.
The build system would be unable to detect it.
Thanks, applied.
Michael
Downloading the package source from an unsecure locations and using an insecure
hash (md5)
would allow a malicious proxy to inject vulnerabilities.
The build system would be unable to detect it.
Signed-off-by: Bruno Thomsen b...@kamstrup.com
---
rules/strongswan.make | 2 +-
1 file changed, 1