Summary: | dev-util/mercurial <1.0.2 hgweb "allowpull" file disclosure (CVE-2008-4297)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | normal
Priority: | High
Version: | unspecified
Hardware: | All
OS: | Linux
Reporter: | Robert Buchholz (RETIRED) <rbu>
Assignee: | Gentoo Security <security>
CC: | fmccor, nelchael, python
URL: | http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b
Whiteboard: | B3 [noglsa]
Package list: |
Runtime testing required: | ---
Bug Depends on: | 239537
Bug Blocks: |
Attachments: |

Description
Robert Buchholz (RETIRED)
2008-09-29 14:56:08 UTC
is 1.0.2 ready for stable?

Arches, please test and mark stable:
=dev-util/mercurial-1.0.2
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"

1.0.2 has dev-python/pygments as a dependency. Python team, are we allowed to mark this package stable?

Hello, I have filed a stablereq on dev-python/pygments-0.10 and added it as a dep for this bug. Best regards,

Thanks!

amd64 stable

Created attachment 167180
ppc and ppc64 test failures

Anyone else seeing test failures like this?

Same for me on both ppc and ppc64

Created attachment 167191
mercurial-1.0.2.ebuild

Brent, it seems these are the failures from bug 231280 and introduced by 1.0.1-r3. Does it work with this ebuild?

(In reply to comment #8)
> Created an attachment (id=167191)
> mercurial-1.0.2.ebuild
>
> Brent, it seems these are the failures from bug 231280 and introduced by
> 1.0.1-r3. Does it work with this ebuild?

looks good on amd64/x86, no more test failures.

updated the ebuild then, I left the keywords (and lack thereof) intact.

ppc and ppc64 stable on -1.0.2 now. all tests passed fine.

Sparc stable. All tests fine, although one is skipped:
Skipped test-no-symlinks: system supports symbolic links
The comment is correct, so I suppose that this is expected.

alpha/ia64/x86 stable

time for GLSA decision. I'd go for a NO here since the impact is rather low IMHO.

NO, impact is limited to secret files in repository. Seriously, who puts them in a public repo anyway? :-)