mercurial 3.7.3-1ubuntu1.1 source package in Ubuntu
Changelog
mercurial (3.7.3-1ubuntu1.1) xenial-security; urgency=medium

  * SECURITY UPDATE: The convert extension might allow attackers to execute
    arbitrary code via a crafted git repository name.
    - debian/patches/CVE-2016-3105.patch: Pass absolute paths to git.
    - CVE-2016-3105
  * SECURITY UPDATE: hg serve --stdio allows remote authenticated users to
    launch the Python debugger and execute arbitrary code.
    - debian/patches/CVE-2017-9462.patch: Protect against malicious
      hg serve --stdio invocations.
    - CVE-2017-9462
  * SECURITY UPDATE: A specially malformed repository can cause GIT
    subrepositories to run arbitrary code.
    - debian/patches/CVE-2017-17458_part1.patch: add test-audit-subrepo.t
      testcase.
    - debian/patches/CVE-2017-17458_part2.patch: disallow symlink traversal
      across subrepo mount point.
    - CVE-2017-17458
  * SECURITY UPDATE: Missing symlink check could be abused to write to files
    outside the repository.
    - debian/patches/CVE-2017-1000115.patch: Fix symlink traversal.
    - CVE-2017-1000115
  * SECURITY UPDATE: Possible shell-injection attack from not adequately
    sanitizing hostnames passed to ssh.
    - debian/patches/CVE-2017-1000116.patch: Sanitize hostnames passed to ssh.
    - CVE-2017-1000116
  * SECURITY UPDATE: Integer underflow and overflow.
    - debian/patches/CVE-2018-13347.patch: Protect against underflow.
    - debian/patches/CVE-2018-13347-extras.patch: Protect against overflow.
    - CVE-2018-13347
  * SECURITY UPDATE: Able to start fragment past the end of original data.
    - debian/patches/CVE-2018-13346.patch: Ensure fragment start is not past
      the end of orig.
    - CVE-2018-13346
  * SECURITY UPDATE: Data mishandling in certain situations.
    - debian/patches/CVE-2018-13348.patch: Be more careful about parsing
      binary patch data.
    - CVE-2018-13348
  * SECURITY UPDATE: Vulnerability in Protocol server can result in
    unauthorized data access.
    - debian/patches/CVE-2018-1000132.patch: Always perform permissions checks
      on protocol commands.
    - CVE-2018-1000132

 -- Eduardo Barretto <email address hidden>  Tue, 13 Nov 2018 16:10:13 -0200
Upload details
- Uploaded by: Eduardo Barretto
- Uploaded to: Xenial
- Original maintainer: Ubuntu Developers
- Architectures: any all
- Section: vcs
- Urgency: Medium Urgency
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
mercurial_3.7.3.orig.tar.gz | 4.4 MiB | c099c42d74e2d520b61dd372cd996b0fa7605c06617834fd7b13c79b9a9a5b30 |
mercurial_3.7.3-1ubuntu1.1.debian.tar.xz | 63.5 KiB | a8a6dd672b0f9f0f82a1a89d23e7aae8146fa4afddbde721d77887003af8e932 |
mercurial_3.7.3-1ubuntu1.1.dsc | 2.3 KiB | 885ed4600fea0f24f30ae9d6ded6d73ea08416875295165cbb965a5c6325840a |
Binary packages built by this source
- mercurial: easy-to-use, scalable distributed version control system
Mercurial is a fast, lightweight Source Control Management system designed
for efficient handling of very large distributed projects.
.
Its features include:
* O(1) delta-compressed file storage and retrieval scheme
* Complete cross-indexing of files and changesets for efficient exploration
of project history
* Robust SHA1-based integrity checking and append-only storage model
* Decentralized development model with arbitrary merging between trees
* High-speed HTTP-based network merge protocol
* Easy-to-use command-line interface
* Integrated stand-alone web interface
* Small Python codebase
.
This package contains the architecture dependent files.
- mercurial-common: easy-to-use, scalable distributed version control system (common files)
Mercurial is a fast, lightweight Source Control Management system designed
for efficient handling of very large distributed projects.
.
This package contains the architecture independent components of Mercurial,
and is generally useless without the mercurial package.
- mercurial-dbgsym: debug symbols for package mercurial
Mercurial is a fast, lightweight Source Control Management system designed
for efficient handling of very large distributed projects.
.
Its features include:
* O(1) delta-compressed file storage and retrieval scheme
* Complete cross-indexing of files and changesets for efficient exploration
of project history
* Robust SHA1-based integrity checking and append-only storage model
* Decentralized development model with arbitrary merging between trees
* High-speed HTTP-based network merge protocol
* Easy-to-use command-line interface
* Integrated stand-alone web interface
* Small Python codebase
.
This package contains the architecture dependent files.