[SECURITY] [DLA 1764-1] mercurial security update
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Package : mercurial
Version : 3.1.2-2+deb8u7
CVE ID : CVE-2019-3902
Debian Bug : #927674
It was discovered that there was a path traversal vulnerability in
the "mercurial" distributed revision version control system.
Symbolic links and subrepositories could be used defeat Mercurial's
path-checking logic and write files outside the repository root.
For Debian 8 "Jessie", this issue has been fixed in mercurial version
3.1.2-2+deb8u7.
We recommend that you upgrade your mercurial packages.
Regards,
- --
,''`.
: :' : Chris Lamb
`. `'` lamby@debian.org / chris-lamb.co.uk
`-
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlzB7uYACgkQHpU+J9Qx
HlhIWhAAo+ifxwrm/7ZsDfWkAn27/3oEHCBK/QKMNLuRIdK9YI368buAJAWntwBZ
3MF+fYlBbnrv4HRSjfo6GTEOvcjLx8hdavjdFQ5pJdFmxdv1ffrXgzXfuhip6vFS
k1UcnrU136DAegV9o+MNgDfsV/+/3FY7xPP1CvGXLrI9yh6W2SP20dpmSxjET588
lWaK5ts2nkg33j4M45stGGjSzTp06TYcBKkbUUEtKm64SmGBPT5kDIC6e2EMkaj1
7V9pHeybjpmKNSzLseAystlNOpietpSzvlpnfYfT9XZkkaYWDDK03zKSpri0O1yt
KWkCULHXSQPuRXz5fb5OgIfGhDlm/2G6kqUg8WeD/RTLb1U/o88xBd7rA0aLFBgV
6A1KThE7q0Q/CAHjvoN02RmhaNua+H7OheZD+ULPZJADuBu21xViKUYGdvoyDaor
su/g4X26RABpATXlyWKaPzRI6/QVvU6koLt3hIOR/oljTfdFS56r0jEfnORzh+08
atILUNDeCKqjUg0fYzcE8P7ybBDNSKrFwd99nb2O7AoUuN15TfCWT7LXfyXePUx1
I7kE/yrWr+wSTp4clHkCXNCELqvVeltYLaOOZJJWvl5HRQ3rc+uEMWema8+5Trj3
BXn8WRymkhDX5WbPbAyf2p2O6OxBDiuHtL+MbCzVoVdIYhrU6tg=
=crEM
-----END PGP SIGNATURE-----
Reply to: