[oss-security] Dulwich security issue (fwd)

Mads Kiilerich mads at kiilerich.com
Mon Mar 23 16:50:39 EDT 2015

On 03/23/2015 04:00 PM, Adi Kriegisch wrote:
> 0.9.9 seems to be a fix for 0.9.8 that does a version update too but it
> does not seem to be pip installable from any known sources.

It is now available with
pip install --upgrade dulwich==0.9.9
- after patching Kallithea setup.py and expanding the supported range 
and running setup.py develop/install

Can someone who knows/uses git test and verify that version works with 

It seems like 0.9.9 also supports Python 2.6 too so it should perhaps be 
made both the min and max supported version in Kallithea for now.

> I downloaded the source locally, applied the patch and installed within the
> venv. Actually I hope Kallithea will soon be Debian packaged to make fixing
> of issues like that easier... :)

I would say quite the opposite: Having it in a virtualenv makes it easy 
to update just that one component with conflicts with other 
requirements. But whatever works for you ... ;-)


More information about the kallithea-general mailing list