-------------------------------------------------------------------------
Debian LTS Advisory DLA-4094-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                   Andreas Henriksson
March 27, 2025                                https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : mercurial
Version        : 5.6.1-4+deb11u1
CVE ID         : CVE-2025-2361
Debian Bug     : 1100899

A cross-site scripting vulnerability was discovered in hgweb, the
integrated stand-alone web interface of the Mercurial version control
system.

A problem in mercurial related to CVE-2023-27043 being fixed in Python
was also addressed.

For Debian 11 bullseye, these problems have been fixed in version
5.6.1-4+deb11u1.

We recommend that you upgrade your mercurial packages.

For the detailed security status of mercurial please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/mercurial

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS