|
Message-ID: <CAHmME9oFvgdG+EDva9AUhYTA_xA47EpYb03Q4fNgbPVQ8kvKjA@mail.gmail.com> Date: Thu, 15 Nov 2012 01:48:29 +0100 From: "Jason A. Donenfeld" <Jason@...c4.com> To: oss-security <oss-security@...ts.openwall.com> Cc: gentoo-security@...too.org Subject: Fwd: [ANNOUNCE] CGIT v0.9.1 Released Hi guys, Just emailing to let you know that CVE-2012-4465 and CVE-2012-4548 have been fixed with the latest release of cgit. Thanks, Jason ---------- Forwarded message ---------- From: Jason A. Donenfeld <Jason@...c4.com> Date: Thu, Nov 15, 2012 at 1:46 AM Subject: [ANNOUNCE] CGIT v0.9.1 Released To: cgit@...mli.net Hi everyone, It is with pleasure that I announce the first release of cgit in months, version 0.9.1. This last release cycle has been a long one due to the disappearance of the former maintainer, Lars Hjemli, but rest assured, cgit is healthy and well, and I've been very pleased with the activity and excitement on this list. Without further ado, here's the changelog for the latest release: == ChangeLog v0.9.1 == Enhancements: - path-selected submodule links - intelligent default branch guessing - /etc/mime.types lookup - gitweb.* and cgit.* git-config support - case insensitive sorting and age sorting - commit, repository, and section sorting - bold currently viewed page in pagination - support BSDs in makefile Security: - CVE-2012-4465: heap-buffer overflow in parsing.c - CVE-2012-4548: syntax highlighting command injection Bug Fixes: - transition maintainer to Jason Donenfeld (zx2c4) - download git snapshot from github instead of Lars' old server - css fixes - stablization of tests - more compatible default highlight script - suppress gzip timestamp so that tarballs only use tar timestamps - treat ctags as target in makefile - do not let global variables override certain local repo settings - print ampersand as proper html entity - use placeholder for empty commit subject - format diff view for addition and removal of files - point links at correct blob from ssdiff == Downloading == The home of cgit is now here: http://git.zx2c4.com/cgit/about/ The repository can be cloned by: $ git clone http://git.zx2c4.com/cgit A tarball of v0.9.1 is here: http://git.zx2c4.com/cgit/snapshot/cgit-0.9.1.tar.xz sha1 - faca1c822b035cd7fa5eda741f994255fde6608b If xz is no good for your distribution, a tar.gz and a tar.bz2 are available by tinkering with the URL. For verification, I've gpg signed the tag "v0.9.1" which you can verify by cloning the repo. My public key is 0xA5DE03AE: http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0x49FC7012A5DE03AE == Moving Forward == For the next release cycle, there are a few things I look forward to seeing: - ssdiff tabulation fixes - authorization helper integration - fixing memory leaks - source file grepping Thanks so much to everyone who contributed with great patches and enhancements. -- Jason Donenfeld www.zx2c4.com
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.