[oss-security] Dulwich security issue (fwd)
Mads Kiilerich
mads at kiilerich.com
Mon Mar 23 16:50:39 EDT 2015
On 03/23/2015 04:00 PM, Adi Kriegisch wrote:
> 0.9.9 seems to be a fix for 0.9.8 that does a version update too but it
> does not seem to be pip installable from any known sources.
It is now available with
pip install --upgrade dulwich==0.9.9
- after patching Kallithea setup.py and expanding the supported range
and running setup.py develop/install
Can someone who knows/uses git test and verify that version works with
Kallithea?
It seems like 0.9.9 also supports Python 2.6 too so it should perhaps be
made both the min and max supported version in Kallithea for now.
> I downloaded the source locally, applied the patch and installed within the
> venv. Actually I hope Kallithea will soon be Debian packaged to make fixing
> of issues like that easier... :)
I would say quite the opposite: Having it in a virtualenv makes it easy
to update just that one component with conflicts with other
requirements. But whatever works for you ... ;-)
/Mads
More information about the kallithea-general
mailing list