[Dropping python-apps-team]

Hi debian-lts,

On Tue, May 12, 2015 at 10:15:38PM +0900, Javi Merino wrote:
> Hi Raphael,
>
> On Mon, May 11, 2015 at 08:42:23PM +0200, Raphael Hertzog wrote:
> > Hello dear maintainer(s),
> >
> > the Debian LTS team would like to fix the security issues which are
> > currently open in the Squeeze version of mercurial:
> > https://security-tracker.debian.org/tracker/CVE-2014-9462
> > https://security-tracker.debian.org/tracker/CVE-2014-9390 (optional, is
> > tagged no-dsa)
> >
> > Would you like to take care of this yourself? We are still understaffed so
> > any help is always highly appreciated.
>
> If you are understaffed I'm happy to help preparing the update. I'll
> hopefully have time to do it tomorrow, I'll claim the DLA when I start
> working on it.

I've prepared a package for squeeze lts that fixes CVE-2014-9462 and
CVE-2014-9390. Find attached the debdiff. I've run the testsuite in a
squeeze chroot and it passes, but I'm not entirely sure that a) I
haven't broken anything and b) my backport of the security fix is
valid -- the code has changed a lot between mercurial 1.6.4 and
3.2.3. I'd appreciate if somebody did some more testing.

The packages can be found in:

https://people.debian.org/~vicho/mercurial_squeeze/

Please CC me on replies, I'm not subscribed to the list.

Cheers,
Javi

File lists identical (after any substitutions) Control files of package mercurial: lines which differ (wdiff format) --------------------------------------------------------------------- Architecture: [-i386-] {+amd64+} Depends: libc6 (>= 2.4), python (<< 2.7), python (>= 2.5), python-support (>= 0.90.0), ucf (>= 2.0020), mercurial-common (= [-1.6.4-1)-] {+1.6.4-1+deb6u1)+} [-.-] {+..+} Installed-Size: [-328-] {+368+} Version: [-1.6.4-1-] {+1.6.4-1+deb6u1+} Control files of package mercurial-common: lines which differ (wdiff format) ---------------------------------------------------------------------------- Breaks: mercurial (<< [-1.6.4-1)-] {+1.6.4-1+deb6u1)+} [-.-] {+..+} Installed-Size: [-5064-] {+5068+} Recommends: mercurial (= [-1.6.4-1)-] {+1.6.4-1+deb6u1)+} Version: [-1.6.4-1-] {+1.6.4-1+deb6u1+}
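
Review bot: the binary comparison is across architectures (Architecture: [-i386-] {+amd64+} in the mercurial control file), so the Installed-Size change from 328 to 368 cannot be attributed to the backport from this output alone. Only the control-file fields are shown here, which confirm the version bump to 1.6.4-1+deb6u1 and the matching mercurial-common dependency, Breaks and Recommends updates, but nothing about the code changes for CVE-2014-9462 and CVE-2014-9390. Comparing same-architecture builds, and reviewing the source-level debdiff between the two .dsc files, would let a reviewer check the backported fix itself.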