Back to mercurial PTS page

Accepted mercurial 3.1.2-2+deb8u5 (source all amd64) into oldstable



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Thu, 05 Jul 2018 15:32:32 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source all amd64
Version: 3.1.2-2+deb8u5
Distribution: jessie-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 mercurial  - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 861243 892964 901050
Changes:
 mercurial (3.1.2-2+deb8u5) jessie-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-9462: fix remote code execution by using --debugger as a
     repository name (Closes: #861243)
   * CVE-2017-17458: fix arbitrary code execution with malformed git
     repositories
   * CVE-2018-1000132: Incorrect Access Control vulnerability in Protocol
     server that can result in Unauthorized data access (Closes: #892964)
   * OVE-20180430-0001: mpatch: be more careful about parsing binary patch data
     (Closes: #901050)
   * OVE-20180430-0002: mpatch: protect against underflow in mpatch_apply
   * OVE-20180430-0004: mpatch: ensure fragment start isn't past the end of orig
Checksums-Sha1:
 8e7614553bea6c829b4319b69233edfd24abacc4 1942 mercurial_3.1.2-2+deb8u5.dsc
 fb4f110a6bd23b6df1dda2f7edcb679dc81ff03d 72512 mercurial_3.1.2-2+deb8u5.debian.tar.xz
 569ac4c53c105dba8df415a17e46aacbc021300d 1604322 mercurial-common_3.1.2-2+deb8u5_all.deb
 a524c993688782a24dd2a11aac66d44d317161a8 61034 mercurial_3.1.2-2+deb8u5_amd64.deb
Checksums-Sha256:
 40105a4095a8f107cb9eaf9029c4a701bfec810d70dbfe6bf9a18e872bc81f47 1942 mercurial_3.1.2-2+deb8u5.dsc
 a78cae21139e98a7bc689b0490ad8c087761fb5bd03406090010f308f36c1455 72512 mercurial_3.1.2-2+deb8u5.debian.tar.xz
 10b7e97656f88ed2b9debb1b8580097bf56db05e07aac05e5809abbb7a8cc61c 1604322 mercurial-common_3.1.2-2+deb8u5_all.deb
 1b1858939bb92784e279b614c3cb834107a28fe3eed6b184ebe1c9eadbac1a74 61034 mercurial_3.1.2-2+deb8u5_amd64.deb
Files:
 8f967474eda96c7cb20c652db95e99cf 1942 vcs optional mercurial_3.1.2-2+deb8u5.dsc
 2eb0467f4f6ea848c7660eef1fce13af 72512 vcs optional mercurial_3.1.2-2+deb8u5.debian.tar.xz
 2f63e513a1f11276385f292935a69600 1604322 vcs optional mercurial-common_3.1.2-2+deb8u5_all.deb
 1fd035e9903a03477cdbb2de76691c36 61034 vcs optional mercurial_3.1.2-2+deb8u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAls+fL4ACgkQPqHd3bJh
2Xvuhgf/fSNcWEtuPqqfp/t0xJVPGRI7F3yrPrvClpRQfXxFYTMCZUKxAMkjHCYp
J2RW8X3pUxI+OBIfW7d9QH42yzlOt41RuQdONFCm/9nklZmtY3EUS8jl7GmFnuYI
j+5ag0bJg9qcRdUz6+Y7dHedGqOwuZ8vtVbZvXEO1HCHkN/dW0oEmVa5dGOxHEmF
ZmvQU1UPQlvooJbDFD6WP08Zh91Ny3ew49EQYDCwJFSYDs5/ufpZ7nE7wUpcDzez
h9kdJpqP/v6W37CZ1j0efz5v77GI6nJdDo8EE5w2MjG2RTkOBFgYSqX625v4ud8N
TzgGhnw2jLAzl0mp+1z859E29I6bCw==
=/YkQ
-----END PGP SIGNATURE-----