Comment 9 for bug 244804

In , Tomas (tomas-redhat-bugs) wrote :

Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2942 to the following vulnerability:

Directory traversal vulnerability in patch.py in Mercurial 1.0.1
allows user-assisted attackers to modify arbitrary files via ".." (dot
dot) sequences in a patch file.

Upstream patch (+ test case):
http://www.selenic.com/hg/rev/87c704ac92d4

References:
http://www.openwall.com/lists/oss-security/2008/06/30/1
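
Added example, not part of the original comment and not the upstream Mercurial fix: a pre-apply check that collects the file paths named in a patch's headers and flags any that would resolve outside the repository root, either through ".." components or an absolute path. The function names, the `strip` parameter (modelled on `patch -p1`) and the sample patch are constructed for illustration.

```python
import posixpath
import re

GIT_HEADER = re.compile(r'^diff --git (\S+) (\S+)$')
FILE_HEADER = re.compile(r'^(?:---|\+\+\+) ([^\t\n]+)')

def patch_targets(patch_text):
    """Yield each path named in 'diff --git', '---' and '+++' header lines.

    Conservative: a removed content line that starts with '-- ' also looks
    like a '---' header and is checked too.
    """
    for line in patch_text.splitlines():
        git = GIT_HEADER.match(line)
        if git:
            yield from git.groups()
            continue
        hdr = FILE_HEADER.match(line)
        if hdr and hdr.group(1).strip() != '/dev/null':
            yield hdr.group(1).strip()

def escapes_root(path, strip=1):
    """True if the path would land outside the root it is applied in."""
    path = path.replace('\\', '/')
    if path.startswith('/') or re.match(r'[A-Za-z]:', path):
        return True  # absolute path or Windows drive letter
    # Drop the leading 'a/' or 'b/' component (assumed -p1 style stripping).
    rel = '/'.join(path.split('/')[strip:])
    norm = posixpath.normpath(rel)
    return norm == '..' or norm.startswith('../')

def unsafe_targets(patch_text, strip=1):
    """Return the sorted, de-duplicated header paths that escape the root."""
    return sorted({p for p in patch_targets(patch_text) if escapes_root(p, strip)})

# Constructed sample: one ordinary file and one that climbs out with "..".
SAMPLE = """\
diff --git a/docs/readme.txt b/docs/readme.txt
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -1 +1 @@
-old
+new
diff --git a/../../outside/target.conf b/../../outside/target.conf
--- a/../../outside/target.conf
+++ b/../../outside/target.conf
@@ -1 +1 @@
-x
+y
"""

if __name__ == '__main__':
    for path in unsafe_targets(SAMPLE):
        print('refusing patch, target escapes root:', path)
```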