Format: 1.8
Date: Mon, 27 Jul 2020 16:22:16 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source
Version: 4.0-1+deb9u2
Distribution: stretch-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Roberto C. Sanchez <roberto@debian.org>
Description:
 mercurial - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 892964 901050 927674
Changes:
 mercurial (4.0-1+deb9u2) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Team.
   * CVE-2017-17458: fix arbitrary code execution with malformed git
     repositories
   * CVE-2018-13348: mpatch: be more careful about parsing binary patch data
     (Closes: #901050)
   * CVE-2018-13347: mpatch: protect against underflow in mpatch_apply
     (Closes: #901050)
   * CVE-2018-13346: mpatch: ensure fragment start isn't past the end of orig
     (Closes: #901050)
   * CVE-2018-1000132: Incorrect Access Control vulnerability in Protocol
     server that can result in Unauthorized data access (Closes: #892964)
   * CVE-2019-3902: Fix a vulnerability where symlinks and subrepositories
     could be used to defeat Mercurial's path-checking logic and write files
     outside the repository root. (Closes: #927674)