[cfe-dev] Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability
Jonas Toth via cfe-dev
cfe-dev at lists.llvm.org
Fri Oct 19 05:18:42 PDT 2018
+Hans, I believe he packaged the visual studio plugin this seems to come
from.
Am 17.10.2018 um 07:00 schrieb Will Dietz via cfe-dev:
> Hi folks, haven't looked into it but thought I'd forward this in case
> it's useful and worth acting on. Apologies if entirely noise, but
> better safe than sorry :).
>
> Happy LLVM-ing,
> ~Will
>
> ---------- Forwarded message ---------
> From: *GitHub* <notifications at github.com
> <mailto:notifications at github.com>>
> Date: Tue, Oct 16, 2018, 12:02 PM
> Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may
> have a security vulnerability
> To: llvm-mirror/clang-tools-extra
> <clang-tools-extra at noreply.github.com
> <mailto:clang-tools-extra at noreply.github.com>>
> Cc: Security alert <security_alert at noreply.github.com
> <mailto:security_alert at noreply.github.com>>
>
>
>
>
> We found a potential security vulnerabilty in one of your dependencies
> GitHub <https://github.com> Sign in <https://github.com/login>
>
> *dtzWill,*
>
> We found a potential security vulnerability in a repository for which
> you have been granted security alert access.
>
> @llvm-mirror llvm-mirror/clang-tools-extra
> <https://github.com/llvm-mirror/clang-tools-extra>
> Known *high severity* security vulnerability detected in |YamlDotNet
> <= 4.3.2| defined in |packages.config|
> <https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>.
>
> |packages.config|
> <https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>
> update suggested: |YamlDotNet ~> 5.0.0|.
> Always verify the validity and compatibility of suggestions with your
> codebase.
>
>
> Review vulnerable dependency
> <https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open>
>
>
> ------------------------------------------------------------------------
>
> Only users who have been assigned access to security alerts will
> receive these notifications.
>
> Unsubscribe
> <https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI>
> · Email preferences <https://github.com/settings/emails> · Terms
> <https://help.github.com/articles/github-terms-of-service/> · Privacy
> <https://help.github.com/articles/github-privacy-policy/> · Sign into
> GitHub <https://github.com/login>
>
> GitHub, Inc.
> 88 Colin P Kelly Jr St.
> San Francisco, CA 94107
>
>
>
>
>
> _______________________________________________
> cfe-dev mailing list
> cfe-dev at lists.llvm.org
> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20181019/ffba577a/attachment.html>
More information about the cfe-dev
mailing list