mercurial: insufficient input validation allowing file renames out of repository
Bug #244804 reported by tonfa

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
mercurial (Debian) | Fix Released | Unknown | |
mercurial (Fedora) | Fix Released | Low | |
mercurial (Ubuntu) | Fix Released | High | Unassigned |
Dapper | Won't Fix | Undecided | Unassigned |
Feisty | Won't Fix | Undecided | Unassigned |
Gutsy | Won't Fix | Undecided | Unassigned |
Hardy | Won't Fix | Undecided | Unassigned |

Bug Description
Binary package hint: mercurial
Copying from the Red Hat bug report:
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2942 to the following vulnerability:
Directory traversal vulnerability in patch.py in Mercurial 1.0.1
allows user-assisted attackers to modify arbitrary files via ".." (dot
dot) sequences in a patch file.
Upstream patch (+ test case):
http://www.selenic.com/hg/rev/87c704ac92d4
References:
http://www.openwall.com/lists/oss-security/2008/06/30/1
CVE References
Changed in mercurial: status: Unknown → Confirmed
Changed in mercurial: status: Unknown → Fix Released
Changed in mercurial (Fedora): status: Confirmed → Fix Released
Changed in mercurial (Fedora): importance: Unknown → Low
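
As an added example (not Mercurial's code and not the upstream fix), this is one way to screen a git-style patch for the kind of path the CVE description covers: it lists header paths that are absolute or resolve above the repository root. The header subset, the function names and the sample patch are assumptions constructed for illustration.

```python
import posixpath

# Header prefixes that name a file in a git-style patch (assumed subset).
_PREFIXES = ("rename from ", "rename to ", "copy from ", "copy to ", "--- ", "+++ ")

def patch_paths(patch_text):
    """Yield every file path named in the headers of a git-style patch.

    Deliberately conservative: a hunk line that happens to start with
    '--- ' or '+++ ' is also treated as a path and checked.
    """
    for line in patch_text.splitlines():
        for prefix in _PREFIXES:
            if line.startswith(prefix):
                path = line[len(prefix):].split("\t")[0].strip()
                if path != "/dev/null":
                    # Drop the a/ or b/ prefix used on ---/+++ lines.
                    if prefix in ("--- ", "+++ ") and path[:2] in ("a/", "b/"):
                        path = path[2:]
                    yield path
                break

def escapes_repo(path):
    """True if a patch path is absolute or climbs above the repository root."""
    path = path.replace("\\", "/")          # treat both separators alike
    if path.startswith("/"):
        return True
    norm = posixpath.normpath(path)         # collapses 'a/../b' and 'a/./b'
    return norm == ".." or norm.startswith("../")

def unsafe_paths(patch_text):
    """Return the paths in a patch that must be refused before applying it."""
    return sorted({p for p in patch_paths(patch_text) if escapes_repo(p)})

# Constructed sample: a rename whose destination leaves the repository.
SAMPLE = """\
diff --git a/docs/readme.txt b/../outside.txt
rename from docs/readme.txt
rename to ../outside.txt
diff --git a/src/a.py b/src/a.py
--- a/src/a.py
+++ b/src/a.py
@@ -1 +1 @@
-x = 1
+x = 2
"""

if __name__ == "__main__":
    print(unsafe_paths(SAMPLE))
```

The check is purely lexical, so it does not account for symlinks inside the working directory that point elsewhere.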