
[SECURITY] [DLA 1764-1] mercurial security update



Package        : mercurial
Version        : 3.1.2-2+deb8u7
CVE ID         : CVE-2019-3902
Debian Bug     : #927674

It was discovered that there was a path traversal vulnerability in
the "mercurial" distributed revision version control system.

Symbolic links and subrepositories could be used to defeat Mercurial's
path-checking logic and write files outside the repository root.

For Debian 8 "Jessie", this issue has been fixed in mercurial version
3.1.2-2+deb8u7.

We recommend that you upgrade your mercurial packages.


Regards,

-- 
      ,''`.
     : :'  :     Chris Lamb
     `. `'`      lamby@debian.org / chris-lamb.co.uk
       `-

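The class of bug described in the advisory, a path check that a symbolic link can defeat, shown as an added example that is not taken from Mercurial's code or from the Debian patch. The function names and the constructed directory layout (`repo`, `outside`, `link`) are assumptions made for illustration.

```python
import os
import tempfile

def naive_is_inside(root, relpath):
    """Lexical check only: collapses '..' but never consults the filesystem."""
    target = os.path.normpath(os.path.join(root, relpath))
    return target == root or target.startswith(root + os.sep)

def audited_is_inside(root, relpath):
    """Symlink-aware check (hypothetical helper, stricter than containment alone)."""
    if os.path.isabs(relpath):
        return False
    parts = os.path.normpath(relpath).split(os.sep)
    if parts[0] == os.pardir:
        return False
    # Refuse to descend through any directory component that is a symlink.
    current = root
    for part in parts[:-1]:
        current = os.path.join(current, part)
        if os.path.islink(current):
            return False
    # Resolve what remains (including a symlinked final component) and
    # require the real destination to sit under the real root.
    real_root = os.path.realpath(root)
    real_target = os.path.realpath(os.path.join(root, relpath))
    return os.path.commonpath([real_root, real_target]) == real_root

def demo():
    """Build a constructed tree and return {path: (naive, audited)}."""
    with tempfile.TemporaryDirectory() as base:
        root = os.path.join(base, "repo")
        outside = os.path.join(base, "outside")
        os.makedirs(os.path.join(root, "src"))
        os.makedirs(outside)
        # Constructed sample: a link inside the root that points outside it.
        os.symlink(outside, os.path.join(root, "link"))
        cases = ["src/file.txt", "../outside/file.txt", "link/file.txt"]
        return {c: (naive_is_inside(root, c), audited_is_inside(root, c))
                for c in cases}

if __name__ == "__main__":
    for path, (naive, audited) in demo().items():
        print(f"{path:22} naive={naive!s:5} audited={audited}")
```

A check of this kind is only as good as its timing: if the tree can change between the check and the write, the result can be stale.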

