Summary: | =net-p2p/syncthing-0.14.38: stabilisation request | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Marek Szuba <marecki> |
Component: | Stabilization | Assignee: | Marek Szuba <marecki> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | dschridde+gentoobugs, leonard, tsmksubc |
Priority: | Normal | Keywords: | STABLEREQ |
Version: | unspecified | Flags: | stable-bot: sanity-check+ |
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | =net-p2p/syncthing-0.14.38 |
Runtime testing required: | --- |
Description
Marek Szuba
2017-08-01 12:06:34 UTC
Recently released syncthing-0.14.35 fixes a security vulnerability which allowed file overwrite via versioned symlinks, please see https://github.com/syncthing/syncthing/issues/4286 for details. I haven't seen any announcement regarding when that vulnerability was introduced; however, looking at the code suggests it was there for quite a long time. In light of the above, the stabilisation target is now version 0.14.35, to become eligible for stabilisation on the 8th of September.

Recently, 0.14.38 has been released. Turns out 0.14.35 has got a fairly serious bug so we had better not stabilise it. Current candidate is therefore 0.14.38, to become eligible for stabilisation on the 6th of November. Third time is charm?

x86 stable

amd64 stable

arm stable