[cfe-dev] Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability

Will Dietz via cfe-dev cfe-dev at lists.llvm.org
Tue Oct 16 22:00:58 PDT 2018


Hi folks, haven't looked into it but thought I'd forward this in case it's
useful and worth acting on.  Apologies if entirely noise, but better safe
than sorry :).

Happy LLVM-ing,
~Will

---------- Forwarded message ---------
From: GitHub <notifications at github.com>
Date: Tue, Oct 16, 2018, 12:02 PM
Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may have
a security vulnerability
To: llvm-mirror/clang-tools-extra <clang-tools-extra at noreply.github.com>
Cc: Security alert <security_alert at noreply.github.com>


We found a potential security vulnerability in one of your dependencies
*dtzWill,*

We found a potential security vulnerability in a repository for which you
have been granted security alert access.
llvm-mirror/clang-tools-extra
<https://github.com/llvm-mirror/clang-tools-extra>
Known *high severity* security vulnerability detected in YamlDotNet <=
4.3.2 defined in packages.config
<https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>.

packages.config
<https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>
update suggested: YamlDotNet ~> 5.0.0.
Always verify the validity and compatibility of suggestions with your
codebase.
Review vulnerable dependency
<https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open>
------------------------------

Only users who have been assigned access to security alerts will receive
these notifications.