Aw: Accepted mercurial 4.0-1+deb9u2 (source) into oldstable

[Roland Hammer <sderot49@go4more.de>]

Bitte löschen Sie die e-Mail Adresse aus Ihrem Server. Herr Hammer ist verstorben

 

 

Gesendet: Montag, 27. Juli 2020 um 23:10 Uhr
Von: "Debian FTP Masters" <ftpmaster@ftp-master.debian.org>
An: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Betreff: Accepted mercurial 4.0-1+deb9u2 (source) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jul 2020 16:22:16 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source
Version: 4.0-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
mercurial - easy-to-use, scalable distributed version control system
mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 892964 901050 927674
Changes:
mercurial (4.0-1+deb9u2) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Team.
* CVE-2017-17458: fix arbitrary code execution with malformed git
repositories
* CVE-2018-13348: mpatch: be more careful about parsing binary patch data
(Closes: #901050)
* CVE-2018-13347: mpatch: protect against underflow in mpatch_apply
(Closes: #901050)
* CVE-2018-13346: mpatch: ensure fragment start isn't past the end of orig
(Closes: #901050)
* CVE-2018-1000132: Incorrect Access Control vulnerability in Protocol
server that can result in Unauthorized data access (Closes: #892964)
* CVE-2019-3902: Fix a vulnerability where symlinks and subrepositories could
be used defeat Mercurial's path-checking logic and write files outside the
repository root. (Closes: #927674)
Checksums-Sha1:
f6b10896ac6374ac07c998ac188532e42876694c 2427 mercurial_4.0-1+deb9u2.dsc
2326af52a9748ab5e529691871b890603803ebb0 117480 mercurial_4.0-1+deb9u2.debian.tar.xz
bb6716432596a02a73c33cb6aba52a6805f96a43 7673 mercurial_4.0-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
01fb3c0ab234431ba7a64d190c030dd963337efc97023df8bad228d96bb1f67b 2427 mercurial_4.0-1+deb9u2.dsc
c034a87b9aa4a02f4852c9447518b4520ab9ece7c8f0d4c27953d64c97c2c883 117480 mercurial_4.0-1+deb9u2.debian.tar.xz
be3e77aa3be7b5c654b4ec5de8621387661c1dfef375168ce1778a1ef0dc2dba 7673 mercurial_4.0-1+deb9u2_amd64.buildinfo
Files:
fa3c566b78b2b74a297d2d3a628a5210 2427 vcs optional mercurial_4.0-1+deb9u2.dsc
8e501ecac4749cebec2a0ec9906f6596 117480 vcs optional mercurial_4.0-1+deb9u2.debian.tar.xz
05a4dcd617d5ef28e156dda40dd99595 7673 vcs optional mercurial_4.0-1+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl8fQPYACgkQLNd4Xt2n
sg8U6w/+NovHboRnuYhwZgPoi9WczjJuBYu1F2KbQ/7nH9LccnWUkitxXBwt42vz
JXjkwL7eg7QSy11lIEQeq716cFbcq9FwGeMCNuisHOyZwGzwoQOj8a4jhCjOK6gF
ATsb/jNxv4I8/PIb3c1MIYmh/hi8Thn58J8HXh0//aWXg2+erJlxM0t6a0BvKxUv
sdpVsnyB/tcOetHjooxf+jTCv2pJoXkpvz669d+EJA/MePD+9dvUmRRrCkVl4lnw
Ch4xHvXWltfUcmtkrmF29kR6LY3QUGJOTon+eyjwwvdWlh3cLsCBzFWo+qZKdT14
enfRccqvXLJA3dPtaAJvkerlvVYlkYXy3fggqEBs0mfSH5rVdIULb58IOB71V2hz
5HoHm+hRGYPhrtdLZm8dCs4T13WNbkqvQqnuQBDZwWpF1ncqdQQ6vsJbjymw3ugq
LEp7u82IhY0ssILr6Si2Hopg0LdFNUWAl8CRjhgMYJy1Xp0RkJpkpa6ERwgMa/ll
9DkEe8wmPhvwzu1vq2XT/sQoCzCl+xO2/7sCJUm0L/gwKX59RJ5ym9FYaDBYep/+
G9qIZ4/EruYuaWQ4ybt1qSo1Gra5Db0WxJNiXo+4XYtmGPlO5tZ2EzvABCNKFrcC
0wfl3OHFfMJrkvT+ikZGivLum8B2MZM8rX6dQqTdZ0iZSVz2Hsk=
=OE8B
-----END PGP SIGNATURE-----