[augeas-devel] ANNOUNCE: Augeas 1.8.1 (fixes CVE-2017-7555)
David Lutterkort
lutter at watzmann.net
Thu Aug 17 23:00:42 UTC 2017
I just released Augeas 1.8.1. The only change compared to 1.8.0 is a fix
for CVE-2017-7555 <https://access.redhat.com/security/cve/CVE-2017-7555>
which addresses a serious security flaw connected to the handling of
escaped whitespace at the end of path expressions. The commit
<https://github.com/hercules-team/augeas/commit/7a9177a960bb7bab30423241a099e5a04e2c3993>
has a few more details of what was going on there. The problem was
introduced by commit ea010d85, first released in Augeas 0.9.0.
Many thanks to Han Han, Laine Stump, and Doran Moppert for finding and
helping address this issue.
David
Tarball: http://download.augeas.net/augeas-1.8.1.tar.gz
GPG signature: http://download.augeas.net/augeas-1.8.1.tar.gz.sig
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/augeas-devel/attachments/20170817/66a6a444/attachment.htm>
More information about the augeas-devel
mailing list