This is the mail archive of the
mailing list for the Cygwin project.
[ANNOUNCEMENT] Updated: monotone-0.25.2-1 (security fix)
- From: Lapo Luchini <lapo dot luchini at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Sat, 25 Mar 2006 18:24:40 +0100
- Subject: [ANNOUNCEMENT] Updated: monotone-0.25.2-1 (security fix)
- Openpgp: id=C8F252FB
- Reply-to: cygwin at cygwin dot com
-----BEGIN PGP SIGNED MESSAGE-----
Version 0.25.2-1 of monotone has been uploaded.
monotone is a free distributed version control system. it provides a
simple, single-file transactional version store, with fully disconnected
operation and an efficient peer-to-peer synchronization protocol. it
understands history-sensitive merging, lightweight branches, integrated
code review and 3rd party testing. it uses cryptographic version naming
and client-side RSA certificates. it has good internationalization
support, has no external dependencies, runs on linux, solaris, OSX,
windows, and other unixes, and is licensed under the GNU GPL.
**** important security fix ****
With versions of monotone prior to this release, a person with
commit access could commit a malicious file with a name like
"mt/monotonerc". When anybody else then checked out this
revision on a system with a case-folding filesystem --
usually, this means, "on Windows or OS X" -- then their
monotone would run arbitrary Lua code stored in this file.
The _only_ change in this release as compared to 0.25 is that
the existing checks against files in MT are now extended to
check for mt, Mt, and mT.
A more detailed description of the upgrade process is on the official
If you have questions or comments, please send them to the Cygwin
mailing list at: email@example.com .
*** CYGWIN-ANNOUNCE UNSUBSCRIBE INFO ***
If you want to unsubscribe from the cygwin-announce mailing list, look
at the "List-Unsubscribe: " tag in the email header of this message.
Send email to the address specified there. It will be in the format:
If you need more information on unsubscribing, start reading here:
Please read *all* of the information on unsubscribing that is available
starting at this URL.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v220.127.116.11 (Cygwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
Problem reports: http://cygwin.com/problems.html