X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:content-type:content-transfer-encoding
	:mime-version:subject:date:references:to:in-reply-to:message-id;
	q=dns; s=default; b=XqEib2jxFNh/0v4pumEqNBuTvPOfViRsIvuGjzDe5XD
	hAtIv71LwxZ4ojL4+r+hCB/gjE9EZn5TLYpQJGxFhVmcAXxJdtrUoru2yPUR0tq9
	bE+20CxR6nex11lOLk2FXKHPduDoTb1R58NSh2JWYgu3YNZW/ylasu84DyKabHyg
	=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:content-type:content-transfer-encoding
	:mime-version:subject:date:references:to:in-reply-to:message-id;
	s=default; bh=mgbSobD28lBXN8ZoTJSNO5FFt7Q=; b=nLBvfGjW2em8utbrr
	xCAsx7sRBAAo0bJri5QtWteFJPFB5+UoThwXhQU1EEzyfw1FXYce8JBS+QzGitEs
	+e8jr5pv/+/tjD09k30Rn1oCyN520lqkw82ZkCX0zf4rP3H5p1eIvuX5RW7Luz3I
	ztOV7f5nHCCcGbfZI8MnZ7vjuA=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=0.8 required=5.0 tests=AWL,BAYES_50,RCVD_IN_DNSWL_NONE,SPF_PASS autolearn=ham version=3.3.2 spammy=moreton, Moreton, Hx-languages-length:799, H*MI:4494
X-HELO:	gproxy10-pub.mail.unifiedlayer.com
X-Authority-Analysis:	v=2.2 cv=K4VSJ2eI c=1 sm=1 tr=0 a=x/h8IXy5FZdipniTS+KQtQ==:117 a=x/h8IXy5FZdipniTS+KQtQ==:17 a=kj9zAlcOel0A:10 a=2JCJgTwv5E4A:10 a=pGLkceISAAAA:8 a=5eLVvnnS6fN9KJsjALAA:9 a=CjuIK1q_8ugA:10
From:	Vince Rice <vrice AT solidrocksystems DOT com>
Mime-Version:	1.0 (Mac OS X Mail 10.3 \(3273\))
Subject:	Re: Mercurial update needed for security fixes
Date:	Mon, 25 Sep 2017 12:35:37 -0500
References:	<vz1pobufrri DOT fsf AT gmail DOT com> <vz1wp4wc9i6 DOT fsf AT gmail DOT com> <6af6ce98-5a26-675b-3ac7-e7fb7540274e AT cornell DOT edu> <vz1efqusn0s DOT fsf AT gmail DOT com>
To:	The Cygwin Mailing List <cygwin AT cygwin DOT com>
In-Reply-To:	<vz1efqusn0s.fsf@gmail.com>
Message-Id:	<EAB0030F-A14F-4494-9E45-FD1A51EAE43C@solidrocksystems.com>
X-BWhitelist:	no
X-Exim-ID:	1dwXIC-0033EW-1u
X-Source-Sender:	99-106-192-34.lightspeed.ftwotx.sbcglobal.net ([192.168.1.86]) [99.106.192.34]:53664
X-Source-Auth:	vrice AT solidrocksystems DOT com
X-Email-Count:	1
X-Source-Cap:	c29saWRycjI7c29saWRycjI7Ym94ODY3LmJsdWVob3N0LmNvbQ==
X-Local-Domain:	yes
X-IsSubscribed:	yes
X-MIME-Autoconverted:	from quoted-printable to 8bit by delorie.com id v8PHZwgI006541

> On Sep 25, 2017, at 12:31 PM, Andy Moreton <andrewjmoreton AT gmail DOT com> wrote:
> 
> On Mon 18 Sep 2017, Ken Brown wrote:
> 
>> On 9/18/2017 11:27 AM, Andy Moreton wrote:
>>> On Thu 17 Aug 2017, Andy Moreton wrote:
>>> 
>>> Ping?
>>> 
>>>> Hi,
>>>> 
>>>> Can the mercurial maintainer please update to upstream Hg 4.3.1, to get
>>>> the fixes for CVE-2017-1000115 and CVE-2017-1000116.
>> 
>> I don't know if he reads the list.  I'm adding him to the Cc.
>> 
>> Ken
> 
> Still no response. If the maintiner does not read the project list or
> respond to email, then all of his packages are effectively abandoned.
> 
> Can we please have a *security update* for mercurial ?

And if "effectively abandoned," then there's no one to update them. Are you volunteering?
--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -