Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability


via cfe-dev
Hi folks, haven't looked into it but thought I'd forward this in case it's useful and worth acting on.  Apologies if entirely noise, but better safe than sorry :).

Happy LLVM-ing,
~Will

---------- Forwarded message ---------
From: GitHub <[hidden email]>
Date: Tue, Oct 16, 2018, 12:02 PM
Subject: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability
To: llvm-mirror/clang-tools-extra <[hidden email]>
Cc: Security alert <[hidden email]>


dtzWill,

We found a potential security vulnerability in a repository for which you have been granted security alert access.

@llvm-mirror llvm-mirror/clang-tools-extra
Known high severity security vulnerability detected in YamlDotNet <= 4.3.2 defined in packages.config.
packages.config update suggested: YamlDotNet ~> 5.0.0.
Always verify the validity and compatibility of suggestions with your codebase.
Review vulnerable dependency

GitHub, Inc.
88 Colin P Kelly Jr St.
San Francisco, CA 94107


_______________________________________________
cfe-dev mailing list
[hidden email]
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-dev
Re: Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability

via cfe-dev

+Hans, I believe he packaged the visual studio plugin this seems to come from.


On 17.10.2018 at 07:00, Will Dietz via cfe-dev wrote:
Hi folks, haven't looked into it but thought I'd forward this in case it's useful and worth acting on.  Apologies if entirely noise, but better safe than sorry :).

Happy LLVM-ing,
~Will

Re: Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability

via cfe-dev
This is from the clang-tidy plugin that Zach wrote (clang-tools-extra/clang-tidy-vs/ClangTidy/).

I haven't published any packages for that, in fact I'm not sure where it is published.

Zach: is this still maintained or should we remove it, or update the YamlDotNet dependency?

On Fri, Oct 19, 2018 at 2:18 PM, Jonas Toth via cfe-dev <[hidden email]> wrote:

+Hans, I believe he packaged the visual studio plugin this seems to come from.


Re: Fwd: [llvm-mirror/clang-tools-extra] One of your dependencies may have a security vulnerability

via cfe-dev
Someone else told me about this recently too.  Let's delete this from the repository.

On Fri, Oct 26, 2018 at 1:45 AM Hans Wennborg <[hidden email]> wrote:
This is from the clang-tidy plugin that Zach wrote (clang-tools-extra/clang-tidy-vs/ClangTidy/).

I haven't published any packages for that, in fact I'm not sure where it is published.

Zach: is this still maintained or should we remove it, or update the YamlDotNet dependency?
