-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 11 Aug 2017 05:00:16 +0200
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source
Version: 4.3.1-1
Distribution: unstable
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Tristan Seligmann <mithrandi@debian.org>
Description:
 mercurial - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 861243 868014 871709 871710
Changes:
 mercurial (4.3.1-1) unstable; urgency=high
 .
   * Urgency high because of important security fixes.
   * New upstream release (closes: #868014).
     - CVE-2017-1000115: Mercurial's symlink auditing was incomplete prior to
       4.3, and could be abused to write to files outside the repository
       (closes: #871709).
     - CVE-2017-1000116: Mercurial was not sanitizing hostnames passed to ssh,
       allowing shell injection attacks by specifying a hostname starting with
       -oProxyCommand (closes: #871710).
     - CVE-2017-9462: previously fixed in 4.1.3 upstream (closes: #861243).
   * Blacklist test-https.t due to TLS 1.0/1.1 being disabled in OpenSSL in
     unstable.
   * Fix license definitions in debian/copyright.
   * Bump Standards-Version to 4.0.0 (no changes).
   * Run wrap-and-sort -t -s.