Format: 1.8
Date: Fri, 01 Apr 2016 22:51:48 +0200
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source all amd64
Version: 2.2.2-4+deb7u2
Distribution: wheezy-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
 mercurial - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 819504
Changes:
 mercurial (2.2.2-4+deb7u2) wheezy-security; urgency=high
 .
   * CVE-2016-3630:
     + mpatch: rewrite pointer overflow checks (prerequisite for the following)
     + parsers: fix list sizing rounding error
     + parsers: detect short records
   * CVE-2016-3068:
     + subrepo: set GIT_ALLOW_PROTOCOL to limit git clone protocols
   * CVE-2016-3069:
     + convert: add new, non-clowny interface for shelling out to git
     + convert: rewrite calls to Git to use the new shelling mechanism
     + convert: dead code removal - old git calling functions
     + convert: rewrite gitpipe to use common.commandline
     + convert: test for shell injection in git calls
     Closes: #819504