megacoffee.net Gentoo overlay - legacy mirror
We have moved to Git. This repository is only provided for compatibility with old installations. Learn how to migrate your installation here.
diff profiles/package.mask @ 220:5fc6acd937e1
dev-vcs/kallithea: version bump to 0.3.6 (security update), masking <0.3.6
author | Daniel Neugebauer <dneuge@energiequant.de> |
---|---|
date | Sat, 29 Dec 2018 16:31:18 +0100 |
parents | 64ad94cc6f53 |
children | 77fe2c26eb42 |
--- a/profiles/package.mask Sun Nov 11 15:08:42 2018 +0100 +++ b/profiles/package.mask Sat Dec 29 16:31:18 2018 +0100 @@ -12,3 +12,14 @@ # already published on 6 Jun 2018): # https://kallithea-scm.org/news/release-0.3.5.html <dev-vcs/kallithea-0.3.5 + +# Daniel Neugebauer <dneuge@energiequant.de> (29 Dec 2018) +# for gentoo-overlay.megacoffee.net +# Kallithea versions before 0.3.6 are vulnerable to privilege escalation +# in Mercurial (CVE-2018-1000132). +# Note that Kallithea 0.3.6 continues to use a vulnerable Mercurial version +# (<4.5.1) but attempts to mitigate the issue. +# Upgrade ASAP (updates were already published on 6 Mar 2018 for Mercurial +# and 4 Nov 2018 for additional mitigation in Kallithea): +# https://kallithea-scm.org/news/release-0.3.6.html +<dev-vcs/kallithea-0.3.6
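Review bot: The new atom `<dev-vcs/kallithea-0.3.6` at the end of the hunk fully covers the existing `<dev-vcs/kallithea-0.3.5` entry shown in the context lines above it, so the file now carries two overlapping masks for the same package with different rationales. Anyone still on a version below 0.3.5 matches both entries and may be pointed only at the older release-0.3.5 notice, missing the CVE-2018-1000132 explanation. Consider dropping the older atom and folding its comment into this block so that a single entry lists both reasons and both release links. Separately, the comment says 0.3.6 still runs on a vulnerable Mercurial (<4.5.1) and only "attempts to mitigate the issue"; since the mask leaves 0.3.6 installable, it would help to say in the comment whether any residual exposure remains or to refer readers to the linked release notes for the scope of the mitigation.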