[Git][reproducible-builds/diffoscope-website][master] Update metadata and news to match release of version 256

Chris Lamb (@lamby) gitlab at salsa.debian.org
Fri Feb 9 20:26:57 UTC 2024 


Chris Lamb pushed to branch master at Reproducible Builds / diffoscope-website


Commits:
2a330b17 by Chris Lamb at 2024-02-09T12:26:46-08:00
Update metadata and news to match release of version 256

- - - - -


2 changed files:

- _data/diffoscope.yml
- + _posts/2024-02-09-diffoscope-256-released.md


Changes:

=====================================
_data/diffoscope.yml
=====================================
@@ -107,5 +107,5 @@ description: 'File formats supported include: Android APK files, Android boot im
   (.xsb), XML files, XMLB files, XZ compressed files, ZIP archives and Zstandard compressed
   files.'
 latest_release:
-  date: 1706287445
-  version: '255'
+  date: 1707510157
+  version: '256'


=====================================
_posts/2024-02-09-diffoscope-256-released.md
=====================================
@@ -0,0 +1,22 @@
+---
+layout: post
+title: diffoscope 256 released
+author: Chris Lamb <lamby at debian.org>
+---
+
+The diffoscope maintainers are pleased to announce the release of diffoscope
+version `256`. This version includes the following changes:
+
+```
+* Use a determistic name when extracting content from GPG artifacts instead
+  of trusting the value of gpg's --use-embedded-filenames. This prevents a
+  potential information disclosure vulnerability that could have been
+  exploited by providing a specially-crafted GPG file with an embedded
+  filename of, say, "../../.ssh/id_rsa". Many thanks to Daniel Kahn Gillmor
+  <dkg at debian.org> for reporting this issue and providing feedback.
+  (Closes: reproducible-builds/diffoscope#361)
+* Temporarily fix support for Python 3.11.8 re. a potential regression
+  with the handling of ZIP files. (See reproducible-builds/diffoscope#362)
+```
+
+You find out more by [visiting the project homepage](https://diffoscope.org).



View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope-website/-/commit/2a330b176fb664106152cfdef333e94a9127032b

-- 
View it on GitLab: https://salsa.debian.org/reproducible-builds/diffoscope-website/-/commit/2a330b176fb664106152cfdef333e94a9127032b
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.reproducible-builds.org/pipermail/rb-commits/attachments/20240209/0ad90601/attachment.htm>

More information about the rb-commits mailing list