Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <>
Subject: Accepted mercurial 6.3.2-1+deb12u1 (source) into stable-security
Date: Sat, 22 Mar 2025 12:40:10 +0000
Signed by: Julien Cristau <jcristau@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Mar 2025 13:56:44 +0100
Source: mercurial
Architecture: source
Version: 6.3.2-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Closes: 1100899
Changes:
 mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high
 .
   * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
   * patchbomb: don't test ambiguous address (fixes FTBFS after python's
     fix for CVE-2023-27043).
Checksums-Sha1:
 8aa6392f388fc181734b26c07b1402fae0ab0ebb 2880 mercurial_6.3.2-1+deb12u1.dsc
 cba37469e3b63983e80bb005bf55fe94fefa6bf0 8092710 mercurial_6.3.2.orig.tar.gz
 3858ecc2db068e4c3edd311e58a6a8912d3ea4c8 659 mercurial_6.3.2.orig.tar.gz.asc
 efd29ec0bf28a450ab4c27cf25b8c6d41ad48713 93296 mercurial_6.3.2-1+deb12u1.debian.tar.xz
Checksums-Sha256:
 382b975e1fc3c6943ff48be9f37a8911ec16d4253869e773264f0c3b1e645265 2880 mercurial_6.3.2-1+deb12u1.dsc
 cfe6eeb5dd893ab32c0b79c1531aac420773e0fc837a35db3d4d92703df45a98 8092710 mercurial_6.3.2.orig.tar.gz
 957cfd36a65beff1ccb355bf4260680e8ddd9450e6625f693578b8e98ed33643 659 mercurial_6.3.2.orig.tar.gz.asc
 2ad627769d42e81133a310653d12849589d6e307fe9e1ba5cc8c5bb41a4c4c57 93296 mercurial_6.3.2-1+deb12u1.debian.tar.xz
Files:
 202a2046a716be28986b066ff5adb822 2880 vcs optional mercurial_6.3.2-1+deb12u1.dsc
 37f5c2c5efee02fe25a0f344b2e3ca72 8092710 vcs optional mercurial_6.3.2.orig.tar.gz
 abbb05c2fe78fe30bf6cc110873c7d30 659 vcs optional mercurial_6.3.2.orig.tar.gz.asc
 3228c9a8399a9ecec84f20d35c8955f6 93296 vcs optional mercurial_6.3.2-1+deb12u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmfcQAQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z60Pmw//eXXDSy0v/kOuetvEtCptRQMvBvHd
DsXTQBnA8PMpaLqncnYL7zo5GjwjsoYsugsQ6jUcD3Za/MdzmdPlYkHZkZw0LCzG
XlKrm4MZi7Ha4yisRgkJ4D0p7X8wXlqTkoCA/wSRXMRciU8BURM8llYD/juU+sXq
zjZTfiHdZHDz/qV82rOUZ2sqgGVX899q0rgtjnLYmjj3ntH02U3EtODLltWu+tKD
q4l+TcIrgZdR/6er1EQ7IiUCWYrxkXmKm31lSIzmmzWFDrcqemEBQG8PxeAuwCmR
VknvzkxZ624bJqqoo1i55F1Y3Q3n5vuVhrKiWUrER9vmitICWOhUCTkresLfTx24
t7q+uePEH+92JfGN6cXmUTB8LwzaXAB8EX/IbRAD4nHh5X6wrGo5L5lGJmxddMXI
b2m7w7IO5HZASIZFtUIwXWbPIEvHNkdQq9CAFWxOW+KnbXge63UfVOYZ4vXgRvyC
J7Gq50UVBzx5pzbgtn2Hk05lZp7bQZiX/xbxrGGij6VXohClmmObeBPEBqray/uX
+hQwfrh1j2twtEhdzu0fRM04aodISp8HaRzhzGj4O9yPMpJLiYdzx+rKlw3cYxUP
UOSsKMBEe6XsXNpe1kLxCz1aJGmYcSko+wW9dNmsAQO4u+j3VwHLVmoeT/hJNvMK
cke9nb3y/wlJke4=
=sfyt
-----END PGP SIGNATURE-----

News for package mercurial