Back to mercurial PTS page

Accepted mercurial 4.0-1+deb9u2 (source) into oldstable

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 27 Jul 2020 16:22:16 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source
Version: 4.0-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 mercurial  - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 892964 901050 927674
Changes:
 mercurial (4.0-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2017-17458: fix arbitrary code execution with malformed git
     repositories
   * CVE-2018-13348: mpatch: be more careful about parsing binary patch data
     (Closes: #901050)
   * CVE-2018-13347: mpatch: protect against underflow in mpatch_apply
     (Closes: #901050)
   * CVE-2018-13346: mpatch: ensure fragment start isn't past the end of orig
     (Closes: #901050)
   * CVE-2018-1000132: Incorrect Access Control vulnerability in Protocol
     server that can result in Unauthorized data access (Closes: #892964)
   * CVE-2019-3902: Fix a vulnerability where symlinks and subrepositories could
     be used defeat Mercurial's path-checking logic and write files outside the
     repository root. (Closes: #927674)
Checksums-Sha1:
 f6b10896ac6374ac07c998ac188532e42876694c 2427 mercurial_4.0-1+deb9u2.dsc
 2326af52a9748ab5e529691871b890603803ebb0 117480 mercurial_4.0-1+deb9u2.debian.tar.xz
 bb6716432596a02a73c33cb6aba52a6805f96a43 7673 mercurial_4.0-1+deb9u2_amd64.buildinfo
Checksums-Sha256:
 01fb3c0ab234431ba7a64d190c030dd963337efc97023df8bad228d96bb1f67b 2427 mercurial_4.0-1+deb9u2.dsc
 c034a87b9aa4a02f4852c9447518b4520ab9ece7c8f0d4c27953d64c97c2c883 117480 mercurial_4.0-1+deb9u2.debian.tar.xz
 be3e77aa3be7b5c654b4ec5de8621387661c1dfef375168ce1778a1ef0dc2dba 7673 mercurial_4.0-1+deb9u2_amd64.buildinfo
Files:
 fa3c566b78b2b74a297d2d3a628a5210 2427 vcs optional mercurial_4.0-1+deb9u2.dsc
 8e501ecac4749cebec2a0ec9906f6596 117480 vcs optional mercurial_4.0-1+deb9u2.debian.tar.xz
 05a4dcd617d5ef28e156dda40dd99595 7673 vcs optional mercurial_4.0-1+deb9u2_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEz9ERzDttUsU/BH8iLNd4Xt2nsg8FAl8fQPYACgkQLNd4Xt2n
sg8U6w/+NovHboRnuYhwZgPoi9WczjJuBYu1F2KbQ/7nH9LccnWUkitxXBwt42vz
JXjkwL7eg7QSy11lIEQeq716cFbcq9FwGeMCNuisHOyZwGzwoQOj8a4jhCjOK6gF
ATsb/jNxv4I8/PIb3c1MIYmh/hi8Thn58J8HXh0//aWXg2+erJlxM0t6a0BvKxUv
sdpVsnyB/tcOetHjooxf+jTCv2pJoXkpvz669d+EJA/MePD+9dvUmRRrCkVl4lnw
Ch4xHvXWltfUcmtkrmF29kR6LY3QUGJOTon+eyjwwvdWlh3cLsCBzFWo+qZKdT14
enfRccqvXLJA3dPtaAJvkerlvVYlkYXy3fggqEBs0mfSH5rVdIULb58IOB71V2hz
5HoHm+hRGYPhrtdLZm8dCs4T13WNbkqvQqnuQBDZwWpF1ncqdQQ6vsJbjymw3ugq
LEp7u82IhY0ssILr6Si2Hopg0LdFNUWAl8CRjhgMYJy1Xp0RkJpkpa6ERwgMa/ll
9DkEe8wmPhvwzu1vq2XT/sQoCzCl+xO2/7sCJUm0L/gwKX59RJ5ym9FYaDBYep/+
G9qIZ4/EruYuaWQ4ybt1qSo1Gra5Db0WxJNiXo+4XYtmGPlO5tZ2EzvABCNKFrcC
0wfl3OHFfMJrkvT+ikZGivLum8B2MZM8rX6dQqTdZ0iZSVz2Hsk=
=OE8B
-----END PGP SIGNATURE-----