This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[ANNOUNCEMENT] Updated: monotone-0.25.2-1 (security fix)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Version 0.25.2-1 of monotone has been uploaded.

monotone is a free distributed version control system. it provides a
simple, single-file transactional version store, with fully disconnected
operation and an efficient peer-to-peer synchronization protocol. it
understands history-sensitive merging, lightweight branches, integrated
code review and 3rd party testing. it uses cryptographic version naming
and client-side RSA certificates. it has good internationalization
support, has no external dependencies, runs on linux, solaris, OSX,
windows, and other unixes, and is licensed under the GNU GPL.

**** important security fix ****

With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc".  When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.

The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.

A more detailed description of the upgrade process is on the official
website: http://venge.net/monotone/NEWS.pre




If you have questions or comments, please send them to the Cygwin
mailing list at: cygwin@cygwin.com .

              *** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***

If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there.  It will be in the format:

cygwin-announce-unsubscribe-you=yourdomain.com@cygwin.com

If you need more information on unsubscribing, start reading here:

http://sources.redhat.com/lists.html#unsubscribe-simple

Please read *all* of the information on unsubscribing that is available
starting at this URL.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.1 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iQIcBAEBAgAGBQJEJXzXAAoJELBiMTth2oCDslYQAI0K86d/Bu525j9XEE6XWUqB
cxSJMnuk2Ta6optF0DbeeySp46mn/uYwMaY+GPIeVeQmCsRvmn2OjtcXBWfy/FS/
trHdVnRzuea3F7T0GN+zkVRbktqCxfElIE2wKrF+zsYuuPumYu12TGziVxzngrOY
2jURLhyAsZq1bXPWzcPswjLHsk8EEMmY1U39mixWC6uOoTKYhgj0BJHvR/H0wo6O
L3+M8pj37NIRrH+cDcK47yF11QTbzFYd2p3o1mLdlZbCdjyFyu46bpoBJP7v09YI
0sKujZyxIO2t4rU2eys8jPHXL+l29NYCs5jyNWMtBUOqxEkWHYdXeGraT5G97Gyb
gXk4BOz66TKyiP7+r4h7LmYHISI8TzNLisCJiJrEWB42jXeT/vGas7sFxQz9Pmv1
NgLxH40y84foWsQZp458Mu9UCgPe+iPC5E43YDTGPyy5ueICdMoCGIj4cfboffRE
2632i7s6bZIzc4igjjDDfAGO6Mpwy4QeXpE8la/QpCnGnguomdOWUy/VemOI+17R
HDM3p+6dIEfq4Uu6hQv6DOHbFdyM2QlZEYD0O11m+pCnuELm5/aUhawhAkJFFUn+
w1NF0ugsjaDR52dMKZel2P0IGGdiKb1HdyVVfFaqURiQ7CE0KjKtAWH3LK6AAIZT
hl75RB385RteH4bJpS2M
=9LEA
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]