-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Tue, 28 May 2019 15:12:35 +0200 Source: mercurial Architecture: source Version: 4.8.2-1+deb10u1 Distribution: buster Urgency: medium Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Closes: 927674 Changes: mercurial (4.8.2-1+deb10u1) buster; urgency=medium . * CVE-2019-3902: it was possible to use symlinks and subrepositories to defeat Mercurial's path-checking logic and write files outside a repository. Closes: #927674. Checksums-Sha1: cff0183b2698bf7a6110b68b93e723f7d5a7539e 2709 mercurial_4.8.2-1+deb10u1.dsc d241c4a9469658335be2598efe4aa622799433ac 64940 mercurial_4.8.2-1+deb10u1.debian.tar.xz Checksums-Sha256: e47f77a1f9555e4648e3331100318853dc81215531a18c41f731d93383038df1 2709 mercurial_4.8.2-1+deb10u1.dsc 5673d16057e140b74c0939e509a15dc4b67e18ee71cf806e9940896a42c9130c 64940 mercurial_4.8.2-1+deb10u1.debian.tar.xz Files: 9d22866948086cdf106def717f0510bf 2709 vcs optional mercurial_4.8.2-1+deb10u1.dsc c5ca6e06557021f72276e4f7dbf2821d 64940 vcs optional mercurial_4.8.2-1+deb10u1.debian.tar.xz -----BEGIN PGP SIGNATURE----- iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlztOXYUHGpjcmlzdGF1 QGRlYmlhbi5vcmcACgkQnbAjVVb4z60p7w/5AV8UiWVmoaGzSRIE0uffya/9BUK4 V4SFBrWpgKIyK1qYovIcghiHrgtJFB7HHwFz/ICWkNPLz0ujGJvmeV1AJaqTbVLc Tuh84tek6wGC2+Ei9Sg0Mzs6jkznQzXppW2nbi5lBGclXP3S5jL8TxxyP4e/ZTel uj4XesmkJNoIc2TCGQJXOBVBtq3Vit1gMFsg0dxgIoO7kxFReK62hsbvD9mZtQUP WFV3DFlIw5p2VRtvJ5uvQvyKavOob14BWSDc6vW7Kz07iwZQCemiYRzwARoj8LuU lU5X8lKTJ4Te+ZZlWe0jPNB0Batnha0MMqHvNq6YrRLZouAiEOHIY/f+Cf6r3kxh LVIryr4HynHuwKEFfClb2uimKKpk2tWoT2HdjAYwPOzMP6OkQaeqCWR+GhrPJqA0 3WZuBuVzFtdcaMqEOK4PxOaK+D5RGl1WsQl3+ozkU4NzWFWXH6EfdoP35815iAbR piTJ7xE6dpNaCXFQKnPU96cmOBT1YRU8ip7vCyiBDP3C6fBfR6mPx6jELCLwANix 95eU2BGDfGGh+JXzzEJhUCON4KIdId8uUoKoB3iDbNOkeDqzMH3zJLUGzJFPuVyB KyOqlO3f740ofnFcn/B8SPY5ptKMNvg88SKCxmabwXOGb41Z8SnAvEwdwPq0YEl/ uYTKlMMuJWZetXU= =tIsK -----END PGP SIGNATURE-----
