[Python-apps-commits] r14304 - in packages/mercurial/trunk/debian (changelog)
mithrandi at users.alioth.debian.org
mithrandi at users.alioth.debian.org
Fri Aug 11 06:39:19 UTC 2017
Date: Friday, August 11, 2017 @ 06:39:18
Author: mithrandi
Revision: 14304
Close bugs along with CVEs.
Modified:
packages/mercurial/trunk/debian/changelog
Modified: packages/mercurial/trunk/debian/changelog
===================================================================
--- packages/mercurial/trunk/debian/changelog 2017-08-11 06:31:03 UTC (rev 14303)
+++ packages/mercurial/trunk/debian/changelog 2017-08-11 06:39:18 UTC (rev 14304)
@@ -4,10 +4,10 @@
* New upstream release (closes: #868014).
- CVE-2017-1000115: Mercurial's symlink auditing was incomplete prior
to 4.3, and could be abused to write to files outside the
- repository.
+ repository (closes: #871709).
- CVE-2017-1000116: Mercurial was not sanitizing hostnames passed to
ssh, allowing shell injection attacks by specifying a hostname
- starting with -oProxyCommand.
+ starting with -oProxyCommand (closes: #871710).
- CVE-2017-9462: previously fixed in 4.1.3 upstream (closes: #861243).
* Blacklist test-https.t due to TLS 1.0/1.1 being disabled in OpenSSL in
unstable.
More information about the Python-apps-commits
mailing list