mercurial 4.3.1-1 source package in Ubuntu
Changelog
mercurial (4.3.1-1) unstable; urgency=high
* Urgency high because of important security fixes.
* New upstream release (closes: #868014).
- CVE-2017-1000115: Mercurial's symlink auditing was incomplete prior
to 4.3, and could be abused to write to files outside the
repository (closes: #871709).
- CVE-2017-1000116: Mercurial was not sanitizing hostnames passed to
ssh, allowing shell injection attacks by specifying a hostname
starting with -oProxyCommand (closes: #871710).
- CVE-2017-9462: previously fixed in 4.1.3 upstream (closes: #861243).
* Blacklist test-https.t due to TLS 1.0/1.1 being disabled in OpenSSL in
unstable.
* Fix license definitions in debian/copyright.
* Bump Standards-Version to 4.0.0 (no changes).
* Run wrap-and-sort -t -s.
-- Tristan Seligmann <email address hidden> Fri, 11 Aug 2017 05:00:16 +0200
Upload details
- Uploaded by:
- Python Applications Packaging Team
- Uploaded to:
- Sid
- Original maintainer:
- Python Applications Packaging Team
- Architectures:
- any all
- Section:
- vcs
- Urgency:
- Very Urgent
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| mercurial_4.3.1-1.dsc | 2.2 KiB | 5f8e9e8ba017f4a4fac3895dad636457c91b69ff4eab0193ad8b46736b351133 |
| mercurial_4.3.1.orig.tar.gz | 5.2 MiB | 2b12f02e3a452adff4ec9cf007017bab0cadb3f37eaf12f4b25a662df73618a2 |
| mercurial_4.3.1-1.debian.tar.xz | 52.8 KiB | 451bbaf7dca2d99c2c2eb18a4e275f06b7abf5f5784b08d3caf045d38d5b1832 |
Available diffs
- diff from 4.0-1 to 4.3.1-1 (1.8 MiB)
No changes file available.
Binary packages built by this source
- mercurial: No summary available for mercurial in ubuntu artful.
No description available for mercurial in ubuntu artful.
- mercurial-common: No summary available for mercurial-common in ubuntu artful.
No description available for mercurial-common in ubuntu artful.
- mercurial-dbgsym: No summary available for mercurial-dbgsym in ubuntu artful.
No description available for mercurial-dbgsym in ubuntu artful.
