Derek Martin wrote: > On Mon, Mar 02, 2015 at 02:29:34PM -0800, Kevin J. McCarthy wrote: > > Christian Rebischke wrote: > > > Hello Guys, > > > Sorry for interrupting your development process. I have one question to > > > the > > > CVE-2014-9116. Its fixed in stable yes. But is it fixed in the development > > > version 1.5.23 too? I can't find any information about this. > > > > It was fixed in our hg repos at commit 0aebf1df4359, but we have not > > had a release with the fix in it yet. > > It does seem that making one would be prudent... Most people run a > dev build, and many people build from source. They would not have the > fix unless they were paying close attention and build from the repo. > > Was there at least notification of this on the announce list?
Not that I'm aware of. I agree we're quite due for a release. This fix along with 5a86319adad0 would be good to get released and announced. -Kevin
signature.asc
Description: PGP signature
