megacoffee.net Gentoo overlay - legacy mirror
We have moved to Git. This repository is only provided for compatibility with old installations. Learn how to migrate your installation here.
comparison profiles/package.mask @ 220:5fc6acd937e1
dev-vcs/kallithea: version bump to 0.3.6 (security update), masking <0.3.6
| author | Daniel Neugebauer <dneuge@energiequant.de> |
|---|---|
| date | Sat, 29 Dec 2018 16:31:18 +0100 |
| parents | 64ad94cc6f53 |
| children | 77fe2c26eb42 |
comparison
equal
deleted
inserted
replaced
| 219:69bf0e308425 | 220:5fc6acd937e1 |
|---|---|
| 10 # (incorrect access control, directory traversal, XSS). See the 0.3.5 release | 10 # (incorrect access control, directory traversal, XSS). See the 0.3.5 release |
| 11 # notes on details and recommended actions and upgrade ASAP (update was | 11 # notes on details and recommended actions and upgrade ASAP (update was |
| 12 # already published on 6 Jun 2018): | 12 # already published on 6 Jun 2018): |
| 13 # https://kallithea-scm.org/news/release-0.3.5.html | 13 # https://kallithea-scm.org/news/release-0.3.5.html |
| 14 <dev-vcs/kallithea-0.3.5 | 14 <dev-vcs/kallithea-0.3.5 |
| 15 | |
| 16 # Daniel Neugebauer <dneuge@energiequant.de> (29 Dec 2018) | |
| 17 # for gentoo-overlay.megacoffee.net | |
| 18 # Kallithea versions before 0.3.6 are vulnerable to privilege escalation | |
| 19 # in Mercurial (CVE-2018-1000132). | |
| 20 # Note that Kallithea 0.3.6 continues to use a vulnerable Mercurial version | |
| 21 # (<4.5.1) but attempts to mitigate the issue. | |
| 22 # Upgrade ASAP (updates were already published on 6 Mar 2018 for Mercurial | |
| 23 # and 4 Nov 2018 for additional mitigation in Kallithea): | |
| 24 # https://kallithea-scm.org/news/release-0.3.6.html | |
| 25 <dev-vcs/kallithea-0.3.6 |