-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Tue, 02 Jun 2015 20:54:24 +0100 Source: mercurial Binary: mercurial-common mercurial Architecture: source all amd64 Version: 1.6.4-1+deb6u1 Distribution: squeeze-lts Urgency: medium Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Changed-By: Javi Merino <vicho@debian.org> Description: mercurial - scalable distributed version control system mercurial-common - scalable distributed version control system (common files) Changes: mercurial (1.6.4-1+deb6u1) squeeze-lts; urgency=medium . [Javi Merino] * Fix "CVE-2014-9462" by adding patch from_upstream__sshpeer_more_thorough_shell_quoting.patch * Fix "CVE-2014-9390: Errors in handling case-sensitive directories allow for remote code execution on pull" by adding patches from_upstream__encoding_add_hfsignoreclean_to_clean_out_HFS-ignored_characters.patch, from_upstream__pathauditor_check_for_codepoints_ignored_on_OS_X.patch, and from_upstream__pathauditor_check_for_Windows_shortname_aliases.patch . [Guido Günther] * Fix "CVE-2014-9462" by adding patch from_upstream__sshpeer_even_more_thorough_shell_quoting.patch * Run tests for CVE-2014-9390 by adding patch from_upstream__test_CVE-2014-930.patch Checksums-Sha1: 9c795fcc363d5410300866226a7d685cefd78d35 2160 mercurial_1.6.4-1+deb6u1.dsc 36660cf4c690da639d8147efcbaeab91a5d2ce12 35876 mercurial_1.6.4-1+deb6u1.debian.tar.gz fcd16eb994f585c5ef7bc4f10720a668a57db8e8 1340048 mercurial-common_1.6.4-1+deb6u1_all.deb 7cfa90c6274f65f4b736b64d2ea08846f96d878f 77524 mercurial_1.6.4-1+deb6u1_amd64.deb Checksums-Sha256: 5d1919830d3c1d866aa1ba8fc8de12fed067feb6d07e6880c7e8a721c7a06ae7 2160 mercurial_1.6.4-1+deb6u1.dsc cf3856a0bdf5af3cc718e3e874aca12a9abcff753724ba5241efcb3ce388b498 35876 mercurial_1.6.4-1+deb6u1.debian.tar.gz dfa5d7a81d56c8d10ddc9b0cd2ea9b013b4d0d49eecb405c3cf66631449b3535 1340048 mercurial-common_1.6.4-1+deb6u1_all.deb f6b2e6c2bc580489efaa3b1d00f4658b38d7daf346526a2b6e04b6722d4b049f 77524 mercurial_1.6.4-1+deb6u1_amd64.deb Files: da01d8b17b7cb2d91763e6adf47ef51c 2160 vcs optional mercurial_1.6.4-1+deb6u1.dsc faef69f74c957823e096edaf7abaf5b1 35876 vcs optional mercurial_1.6.4-1+deb6u1.debian.tar.gz 48ef22963cc4d586f6354c48f82584b8 1340048 vcs optional mercurial-common_1.6.4-1+deb6u1_all.deb 6d316fc4f22c7ec4f6ea97e3876609c3 77524 vcs optional mercurial_1.6.4-1+deb6u1_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJVbgsHAAoJEAe0hFJ2jTgkGV4P/iEmnZBpg2whoYKUZ0wuCIjv ad5eNBh2oFCIxs9/DCxR6ugqaAtIiszRvSLF5cQne2IJGHIms7HyDTJ42/8AkXAz VKepjGKo8d/+NMVGfqlUsWjL9Mq9DX42k+sriIIqcIFigyYVhizBRrlMzEoMLFNc cWLtRUqdREmWQbQ854EMXaJQAa+cZfn+bfl3fhqoL8i4XadrOb03Ha2UnJkwB/dN nXN+i7Gz/2SR9Cvntu1Fubvlx8VG6Sev1KwpZ2Z6ElkqTTORlEn42lz9ZLj1dZxP eFV90a3ZYFN8N3cGDjbxWzCjsSdzetkRMadPgKes9At7PcJYbQD6aUSD3JDhTR0b UdCHG+Jy7CbfHKXSZkYVldYfEHtDCAHJ+3iEHTqVblMAGibjKa2vEtJc/tbXuaX8 KeJis51a+2yYkXLmj5eloDAhDof0vkQGBLcjmCHIxv7p5Mz4aeQjISKpDOAAr8Ei 9XFw/Jum9N0ifOn2OhYgmgfQ5t9GAuUZzx/GBRnmySRDL244riXEbzrXE5iHK541 ICrj4SbhDwsEoOWCngPYY7SsH86XSEDriV2Odx1jnjhMK7bYuFGXDLWd6pmE16uM GDZ/c6nX+ChAQxv7J/kUe8/vxEMo0sB1XIlqGW7u+0S9H1Zad3zkgGv907tWbk6X YZRnYSN1m/6LUM/ewllC =yXpj -----END PGP SIGNATURE-----