Comment 18 for bug 1404035

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package mercurial - 2.0.2-1ubuntu1.2

---------------
mercurial (2.0.2-1ubuntu1.2) precise-security; urgency=medium

  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix for improperly handling case-insensitive paths on
    Windows and OS X clients
    - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
    - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
    - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a
    - CVE-2014-9390
    - LP: #1404035

  [ Marc Deslauriers ]
  * SECURITY UPDATE: arbitrary command exection via crafted repository
    name in a clone command
    - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add
      more thorough shell quoting to mercurial/sshrepo.py.
    - CVE-2014-9462

 -- Marc Deslauriers <email address hidden> Wed, 17 Jun 2015 13:27:17 -0400