[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] status of nvm.stripped
|
From: |
Zack Weinberg |
|
Subject: |
Re: [Monotone-devel] status of nvm.stripped |
|
Date: |
Sun, 18 Jan 2009 09:18:32 -0800 |
On Sun, Jan 18, 2009 at 3:39 AM, Markus Wanner <address@hidden> wrote:
> I'd like to lower the required PCRE version as much as possible, since
> Fedora 9 ships with PCRE 7.3 and RHEL 5 date back to PCRE 6.6. The unit
> tests run through fine on FC9 with 7.3. I didin't test earlier PCRE
> versions, though. I remember there's a '%R' syntax change in 7.6. Can
> one install newer RPMs for fedora and RHEL easily? Shall we bother with
> older pcre versions?
I'd prefer not to drop the minimum version below the most recent point
at which an exploitable crasher bug was fixed, which (according to
pcre's NEWS file) was 7.6. There probably isn't an attack vector with
our usage but I can't prove it so I'd rather be safe.
(Can you find out if FC9 backported those fixes?)
zw
- [Monotone-devel] status of nvm.stripped, Markus Wanner, 2009/01/18
- Re: [Monotone-devel] status of nvm.stripped, Stephen Leake, 2009/01/18
- Re: [Monotone-devel] status of nvm.stripped,
Zack Weinberg <=
- Re: [Monotone-devel] status of nvm.stripped, Thomas Moschny, 2009/01/18
- Re: [Monotone-devel] status of nvm.stripped, Thomas Keller, 2009/01/18
- Re: [Monotone-devel] status of nvm.stripped, Markus Wanner, 2009/01/19
- Re: [Monotone-devel] status of nvm.stripped, Thomas Keller, 2009/01/20