On Thu, Nov 9, 2017 at 6:20 AM, Zhixiong Chi <zhixiong....@windriver.com> wrote: > * Upgrade to the latest release to fix some CVEs: > - CVE-2017-1000115: missing symlink check that can malicious repositories > to modify files outside the repository > - CVE-2017-1000116: did not adequately sanitize hostnames passed to ssh, > leading to possible shell-injection attacks. > > * For other changes please see: https://www.mercurial-scm.org/wiki/WhatsNew > > * Update SRC_URI with the new download link > > Signed-off-by: Zhixiong Chi <zhixiong....@windriver.com>
I sent a similar patch a few days ago which is already staged here: http://git.openembedded.org/meta-openembedded-contrib/log/?h=jansa/master Thanks, -- Paul Barker Togán Labs Ltd -- _______________________________________________ Openembedded-devel mailing list Openembedded-devel@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-devel