* Updated: monotone-0.25.2-1 (security fix)
@ 2006-03-25 17:30 Lapo Luchini
0 siblings, 0 replies; only message in thread
From: Lapo Luchini @ 2006-03-25 17:30 UTC (permalink / raw)
To: (Mailing List) CygWin-Announce
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Version 0.25.2-1 of monotone has been uploaded.
monotone is a free distributed version control system. it provides a
simple, single-file transactional version store, with fully disconnected
operation and an efficient peer-to-peer synchronization protocol. it
understands history-sensitive merging, lightweight branches, integrated
code review and 3rd party testing. it uses cryptographic version naming
and client-side RSA certificates. it has good internationalization
support, has no external dependencies, runs on linux, solaris, OSX,
windows, and other unixes, and is licensed under the GNU GPL.
**** important security fix ****
With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc". When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.
The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.
A more detailed description of the upgrade process is on the official
website: http://venge.net/monotone/NEWS.pre
If you have questions or comments, please send them to the Cygwin
mailing list at: cygwin@cygwin.com .
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com
If you need more information on unsubscribing, start reading here:
http://sources.redhat.com/lists.html#unsubscribe-simple
Please read *all* of the information on unsubscribing that is available
starting at this URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQIcBAEBAgAGBQJEJXzXAAoJELBiMTth2oCDslYQAI0K86d/Bu525j9XEE6XWUqB
cxSJMnuk2Ta6optF0DbeeySp46mn/uYwMaY+GPIeVeQmCsRvmn2OjtcXBWfy/FS/
trHdVnRzuea3F7T0GN+zkVRbktqCxfElIE2wKrF+zsYuuPumYu12TGziVxzngrOY
2jURLhyAsZq1bXPWzcPswjLHsk8EEMmY1U39mixWC6uOoTKYhgj0BJHvR/H0wo6O
L3+M8pj37NIRrH+cDcK47yF11QTbzFYd2p3o1mLdlZbCdjyFyu46bpoBJP7v09YI
0sKujZyxIO2t4rU2eys8jPHXL+l29NYCs5jyNWMtBUOqxEkWHYdXeGraT5G97Gyb
gXk4BOz66TKyiP7+r4h7LmYHISI8TzNLisCJiJrEWB42jXeT/vGas7sFxQz9Pmv1
NgLxH40y84foWsQZp458Mu9UCgPe+iPC5E43YDTGPyy5ueICdMoCGIj4cfboffRE
2632i7s6bZIzc4igjjDDfAGO6Mpwy4QeXpE8la/QpCnGnguomdOWUy/VemOI+17R
HDM3p+6dIEfq4Uu6hQv6DOHbFdyM2QlZEYD0O11m+pCnuELm5/aUhawhAkJFFUn+
w1NF0ugsjaDR52dMKZel2P0IGGdiKb1HdyVVfFaqURiQ7CE0KjKtAWH3LK6AAIZT
hl75RB385RteH4bJpS2M
=9LEA
-----END PGP SIGNATURE-----
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2006-03-25 17:30 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2006-03-25 17:30 Updated: monotone-0.25.2-1 (security fix) Lapo Luchini
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).