From mboxrd@z Thu Jan 1 00:00:00 1970 From: tmz at pobox.com (Todd Zullinger) Date: Fri, 3 Aug 2018 14:15:39 -0400 Subject: [ANNOUNCE] CGIT v1.2.1 Released In-Reply-To: References: <153100f1c232fcdc@frisell.zx2c4.com> <20180803170624.GF3764@zaya.teonanacatl.net> Message-ID: <20180803181538.GG3764@zaya.teonanacatl.net> Jason A. Donenfeld wrote: > On Fri, Aug 3, 2018 at 7:06 PM Todd Zullinger wrote: >> Yikes, thanks for the heads-up! Do you know if there is a >> CVE assigned for this issue yet? > > I've requested one. > >> It sounds like it affects >> all releases from 0.8 through 1.2, right? > > Yes. Thanks for the quick fixes and to Jann for finding this. I've got updates in the queue for Fedora and EPEL (RHEL/CentOS). While testing, I was worried that I either flubbed something or the patch wasn't sufficient because of the caching. Luckily, all I had to do was clear that or wait 5 minutes for the cache ttl to expire. -- Todd ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ There are two major products that come out of Berkeley: LSD and UNIX. We don't believe this to be a coincidence. -- Jeremy S. Anderson