-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 04 Apr 2016 15:41:22 +0200 Source: mercurial Binary: mercurial-common mercurial Architecture: source all amd64 Version: 3.1.2-2+deb8u2 Distribution: jessie-security Urgency: high Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: mercurial - easy-to-use, scalable distributed version control system mercurial-common - easy-to-use, scalable distributed version control system (common Closes: 819504 Changes: mercurial (3.1.2-2+deb8u2) jessie-security; urgency=high . * CVE-2016-3630: + parsers: fix list sizing rounding error + parsers: detect short records * CVE-2016-3068: + subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols * CVE-2016-3069: + convert: add new, non-clowny interface for shelling out to git + convert: rewrite calls to Git to use the new shelling mechanism + convert: dead code removal - old git calling functions + convert: rewrite gitpipe to use common.commandline + convert: test for shell injection in git calls Closes: #819504 Checksums-Sha1: 18764a7b25256dc7b1412ddc7ea3a444dd6e2c34 2273 mercurial_3.1.2-2+deb8u2.dsc df69dd5b4b561241c6c70d6a3cc7faaf1932d96a 53104 mercurial_3.1.2-2+deb8u2.debian.tar.xz c08b338aa119e4e50f6665dc2bff6a61786d8435 1601038 mercurial-common_3.1.2-2+deb8u2_all.deb 09dd4187518be64d6f3a0cfbc2a303bcb9225737 59998 mercurial_3.1.2-2+deb8u2_amd64.deb Checksums-Sha256: a9f0e92d27935a0bdcf418260cd1d31552e311cbcf3a7112bc8ada24f73e6927 2273 mercurial_3.1.2-2+deb8u2.dsc 7d3c9f6b221605e129f2476c86017b4bb47048c4587e8376888d18d80ef196b0 53104 mercurial_3.1.2-2+deb8u2.debian.tar.xz 52c1e914ca57743c5e331f6308d0bff755c446b21e86491ca9f3339d26dfa643 1601038 mercurial-common_3.1.2-2+deb8u2_all.deb bcd724239c207424520a871956663bd55dffff265e1ad5b93dd91aefdaa2df6e 59998 mercurial_3.1.2-2+deb8u2_amd64.deb Files: 3e98ecc94ceed22414f308977c5c33ce 2273 vcs optional mercurial_3.1.2-2+deb8u2.dsc 09443346fcd32df0e48d42c0d9e9fbb7 53104 vcs optional mercurial_3.1.2-2+deb8u2.debian.tar.xz 0178734936ac3e7c0da633b8826cdf2b 1601038 vcs optional mercurial-common_3.1.2-2+deb8u2_all.deb 06da0420aa8c640110c603fbb63429f2 59998 vcs optional mercurial_3.1.2-2+deb8u2_amd64.deb -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAEBCAAGBQJXAuJgAAoJEJ2wI1VW+M+tCyMP/2KTVmxqxwThvcnOjxfL0Dvx 2uqgZTbnlyeuPt5R65x0lCIUiRKjFjb0ESM+pBr7MnlCOvlRDC1dFkWaDPjfKm7G UD9CnoAlx09Lg6jWm/loHFWuJH42O5Pa0WeLi8DZN8QCPZcXQRc116lbbsumdhmy ivjGj+PhB3T/dU2hPARqjvhuQSTSVIOF2NjWpNEUe2/B/oXakR0lqNVkKe+Ds3Eg 9VoDUo6wL01Tskg/mC+3kgYtpogs3mSBoxeM60z3OT3z/snw5W7OE3/uRUY0qXq/ R5b9t1eCT0wAzTSHIRVL2h3HJrZaunv/rNgV0xU3epn59dAaM3eljsgbvZ0+AGTQ 3K4iN/8ooH1womB07t844OUeLV4oANCj3pRhiBS78IRoTB52NoI8HkjI9CXKKhK8 HVVjPNNgoknI9kVg+fv2Cnj0+M2bV73fuGkdDaNy6NVpcHsTKyoQDmP2kvAJboIe cJE/wYxsyhk33QiJbSuy8w3AbPcTT9yX9wPQ71BFNsoAmwNwo3yylkH5jTffuQFA W7eAxWQm4N0GSA9Tf0w9LAzy4ap1t/zRJIuwFsrCG5VEcdHha1nuEGJSxPsMOSPp pOKe/mVLySk8qoUeTQmNaYfp6CMgO7JRcwc1H8SjG8rymD6YkQTEhAsJlhvlrbbR plaFMeeQpGOrbvKlTR4P =8x3e -----END PGP SIGNATURE-----