On Mon, Mar 02, 2015 at 02:29:34PM -0800, Kevin J. McCarthy wrote: > Christian Rebischke wrote: > > Hello Guys, > > Sorry for interrupting your development process. I have one question to the > > CVE-2014-9116. Its fixed in stable yes. But is it fixed in the development > > version 1.5.23 too? I can't find any information about this. > > It was fixed in our hg repos at commit 0aebf1df4359, but we have not > had a release with the fix in it yet.
It does seem that making one would be prudent... Most people run a dev build, and many people build from source. They would not have the fix unless they were paying close attention and build from the repo. Was there at least notification of this on the announce list? -- Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02 -=-=-=-=- This message is posted from an invalid address. Replying to it will result in undeliverable mail due to spam prevention. Sorry for the inconvenience.
pgpmD1fHNlSLN.pgp
Description: PGP signature
