Debian Package Tracker

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: <debian-lts-changes@lists.debian.org> , <dispatch@tracker.debian.org>
Subject: Accepted mercurial 5.6.1-4+deb11u1 (source) into oldstable-security
Date: Thu, 27 Mar 2025 18:40:21 +0000
Signed by: Andreas Henriksson <ah@debian.org>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Mar 2025 19:23:02 +0100
Source: mercurial
Architecture: source
Version: 5.6.1-4+deb11u1
Distribution: bullseye-security
Urgency: medium
Maintainer: Debian Python Team <team+python@tracker.debian.org>
Changed-By: Andreas Henriksson <andreas@fatal.se>
Closes: 1100899
Changes:
 mercurial (5.6.1-4+deb11u1) bullseye-security; urgency=medium
 .
   * Non-maintainer upload by the Debian LTS Security Team.
 .
   [ Andreas Henriksson ]
   * Cherry-pick and massage bookworm (stable) patches by jcristau to apply
     on bullseye version of the package.
 .
   [ Julien Cristau ]
   * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
   * patchbomb: don't test ambiguous address
     (fixes FTBFS after python's fix for CVE-2023-27043).
Checksums-Sha1:
 c6fdb3750f35ef3f0caa93797a3bbbec368d4009 2517 mercurial_5.6.1-4+deb11u1.dsc
 4eb123b30c2331ce39518650a9095e7e1ec8c542 7836342 mercurial_5.6.1.orig.tar.gz
 d0a68a9feefe4394af77b364ba1c8f5361d33ec5 68180 mercurial_5.6.1-4+deb11u1.debian.tar.xz
 b6c6f6f9e046a66b7e90ff0a9d05d055e003c9ab 8013 mercurial_5.6.1-4+deb11u1_source.buildinfo
Checksums-Sha256:
 0ae9602ee9ef4b5200e33e2d0f300aa9c51822982002ac384d00d59402235c0a 2517 mercurial_5.6.1-4+deb11u1.dsc
 e55c254f4904c45226a106780e57f4279aee03368f6ff6a981d5d2a38243ffad 7836342 mercurial_5.6.1.orig.tar.gz
 1b356794f1be79ef77ffbce88fb28e5553f159cb1f28856166c5b44533987047 68180 mercurial_5.6.1-4+deb11u1.debian.tar.xz
 87ff95bfbdd0b7c6b74f7055d81e2e5623ace0193dfb17ee5030c74bbb5cddbc 8013 mercurial_5.6.1-4+deb11u1_source.buildinfo
Files:
 3e7427f6e4f7859198fcbc7429cf0da3 2517 vcs optional mercurial_5.6.1-4+deb11u1.dsc
 6cd6e5476a1de5701e162aba51534f0b 7836342 vcs optional mercurial_5.6.1.orig.tar.gz
 b3b996592e798feb346d7648fb82222e 68180 vcs optional mercurial_5.6.1-4+deb11u1.debian.tar.xz
 9a4dd68e95dd4b3a10d960d7bf1d3cb9 8013 vcs optional mercurial_5.6.1-4+deb11u1_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE+uHltkZSvnmOJ4zCC8R9xk0TUwYFAmflmKYACgkQC8R9xk0T
Uwb7NA/9FfkFYjpySEncBtcs9lxEfl7uw4EKUNusDHPjqN7htaY5PxZUyxw9sLlA
+4+m4yNstRcrGXHAOvPdUYARvbqxD99CyJetvbIfXWMDs47wnqxIhmPTqlngvXB3
Z800B81sbWGgvf/7Nshr/g8hxrMMBEfU9QZpComkmn5L4e0bEO+M69Hl11YvsHGO
I0Xlsfn1MyYM9CzePipXgUV79G26x1/wXgotKVb6ul1fuNDzOoqMIsqjRkNfJgP6
/1cxhbnYoGBXVMT/l2nbtlXEZxSN3KMYXqkCpMAwGj5JY3BkLv2RXV+RaDqlb+i/
8mjL6NqO9OimuKtc5X6idA38Yi49w7q1zg4RrUqe+rgdbMVx/8k21c5N9LQzbUBR
pWrKkRW5ZAOUFzaGeYjBC00CFgIQIfCpflPIgQy8bGXbnOsWMuDsqTAe0bezz9Je
ob9xm9z/n8UiyVKem3XMF5jOe2hNzNGPhj8p3uYs+zs+nNcK068K7DHMymbUFxQD
UaGxekatByJ+F+70npZ0PScj7/lsh503aJWARM3XB30gXaA7zo3ptdAU7gwJ1rD5
q8QeEKx9HZ7nuALTYTy7Ddt69m6ZKD/FRZgcHzA6qlgobUGtEa0G1R5onJ3yPylY
jtJKu40EROjOh5G0/Jn4C/eMus08bwQ3b4dphen+MDCUPPRFTrU=
=3QJo
-----END PGP SIGNATURE-----

News for package mercurial