[cfe-dev] Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability
Zachary Turner via cfe-dev
cfe-dev at lists.llvm.org
Fri Oct 26 01:52:09 PDT 2018
Someone else told me about this recently too. Let's delete this from the
repository.
On Fri, Oct 26, 2018 at 1:45 AM Hans Wennborg <hans at chromium.org> wrote:
> This is from the clang-tidy plugin that Zach wrote
> (clang-tools-extra/clang-tidy-vs/ClangTidy/).
>
> I haven't published any packages for that, in fact I'm not sure where it
> is published.
>
> Zach: is this still maintained or should we remove it, or update the
> YamlDotNet dependency?
>
> On Fri, Oct 19, 2018 at 2:18 PM, Jonas Toth via cfe-dev <
> cfe-dev at lists.llvm.org> wrote:
>
>> +Hans, I believe he packaged the visual studio plugin this seems to come
>> from.
>>
>> Am 17.10.2018 um 07:00 schrieb Will Dietz via cfe-dev:
>>
>> Hi folks, haven't looked into it but thought I'd forward this in case
>> it's useful and worth acting on. Apologies if entirely noise, but better
>> safe than sorry :).
>>
>> Happy LLVM-ing,
>> ~Will
>>
>> ---------- Forwarded message ---------
>> From: GitHub <notifications at github.com>
>> Date: Tue, Oct 16, 2018, 12:02 PM
>> Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may
>> have a security vulnerability
>> To: llvm-mirror/clang-tools-extra <clang-tools-extra at noreply.github.com>
>> Cc: Security alert <security_alert at noreply.github.com>
>>
>>
>>
>> We found a potential security vulnerabilty in one of your dependencies
>> [image: GitHub] <https://github.com> Sign in <https://github.com/login>
>> *dtzWill,*
>>
>> We found a potential security vulnerability in a repository for which you
>> have been granted security alert access.
>> [image: @llvm-mirror] llvm-mirror/clang-tools-extra
>> <https://github.com/llvm-mirror/clang-tools-extra>
>> Known * high severity* security vulnerability detected in YamlDotNet <=
>> 4.3.2 defined in packages.config
>> <https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>.
>>
>> packages.config
>> <https://github.com/llvm-mirror/clang-tools-extra/blob/master/clang-tidy-vs/ClangTidy/packages.config>
>> update suggested: YamlDotNet ~> 5.0.0.
>> Always verify the validity and compatibility of suggestions with your
>> codebase.
>>
>> Review vulnerable dependency
>> <https://github.com/llvm-mirror/clang-tools-extra/network/alert/clang-tidy-vs/ClangTidy/packages.config/YamlDotNet/open>
>> ------------------------------
>>
>> Only users who have been assigned access to security alerts will receive
>> these notifications.
>> Unsubscribe
>> <https://github.com/notifications/unsubscribe-vulnerability/AAx4srgW3TNA-Qj-p1U44AZWq56EfX7Dks5ulhFBgaJpZM4XezKI>
>> · Email preferences <https://github.com/settings/emails> · Terms
>> <https://help.github.com/articles/github-terms-of-service/> · Privacy
>> <https://help.github.com/articles/github-privacy-policy/> · Sign into
>> GitHub <https://github.com/login>
>>
>> GitHub, Inc.
>> 88 Colin P Kelly Jr St.
>> <https://maps.google.com/?q=88+Colin+P+Kelly+Jr+St.++%0D%0A++++++++++++++++++++++++++++San+Francisco,+CA+94107&entry=gmail&source=g>
>> San Francisco, CA 94107
>> <https://maps.google.com/?q=88+Colin+P+Kelly+Jr+St.++%0D%0A++++++++++++++++++++++++++++San+Francisco,+CA+94107&entry=gmail&source=g>
>>
>>
>>
>> _______________________________________________
>> cfe-dev mailing listcfe-dev at lists.llvm.orghttp://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>>
>>
>> _______________________________________________
>> cfe-dev mailing list
>> cfe-dev at lists.llvm.org
>> http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.llvm.org/pipermail/cfe-dev/attachments/20181026/9c9e1ef7/attachment.html>
More information about the cfe-dev
mailing list