[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

[SECURITY] [DLA 459-1] mercurial security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : mercurial
Version        : 2.2.2-4+deb7u3
CVE ID         : CVE-2016-3105

Blake Burkhart discovered an arbitrary code execution flaw in
Mercurial, a distributed version control system, when using the convert
extension on Git repositories with specially crafted names. This flaw in
particular affects automated code conversion services that allow
arbitrary repository names.

Patches are taken from the Jessie version.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQJ8BAEBCgBmBQJXLMbBXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ2MjAxRkJGRkRCQkRFMDc4MjJFQUJCOTY5
NkZDQUMwRDM4N0I1ODQ3AAoJEJb8rA04e1hHZu8QAKSoTcsEd785J5F2sgZNeoTk
yEPO4K9JFFjg7luBJiuxjP3vUH0mO9VBm/7H9ILFroLJ9FSCK3YqP3iY5frsWg0a
mZJ1Rouy71VqZvjluWSsMXWlC2upZdAIa/Q6FLeSnkC45lORbtKNFv/gayHc+jJ7
FLotHDOzKQYRMDukCEp/eHKWdHb7h7H+jXUySWdBwrAZEsJqTOqRyBpawqmaUaWF
vMREB4iWaNyTuUi2itsGff2ZW9eHRewmyxqmuvWqu0PKmaPiY+Khe0mLjcAXcAQd
qt2NmRDD0gxKkyxNPYWhXkLPOzc92iNfvk+d+5uXDCAwk99m0RF8ASDmgC4cmL4S
O7khXNoMY890qRO9VaDbPSbnoqtMwXDc58J/uJCX1xs11B9QKveaTzFSOgG8ual2
gPOBbLHlYZ50f0Dbu8ktiCImlbxwKtb2qkcztPayn37FieNWOPZhxWhUzJdtwpoW
zXYiRv/PfT8o1lBnmUp0mSZmrsKDTpMetWiAAC7j5XYb2Fz0V5RheAYRMwHRke29
IsCthAKPo0HDKEDwizAROKHvbwdHcN3S52MnBiX+up2AnXxMQOoTzTrO6lpSqv6e
8O6eP3QmlWTyedPkv0F/vQLSnxlhFKyY8Om9PUzJaFCvIc0va6VCKsoJGvlho3Nh
rCdGb8Iu2TwuWQFXMFV3
=0Nd7
-----END PGP SIGNATURE-----


Reply to: