Debian Package Tracker

From: Antoine Beaupré <anarcat@debian.org>
To: <dispatch@tracker.debian.org> , <debian-lts-changes@lists.debian.org>
Subject: Accepted mercurial 2.2.2-4+deb7u5 (source all amd64) into oldoldstable
Date: Tue, 29 Aug 2017 13:00:17 +0000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 28 Aug 2017 13:52:40 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source all amd64
Version: 2.2.2-4+deb7u5
Distribution: wheezy-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Antoine Beaupré <anarcat@debian.org>
Description:
 mercurial  - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 871709 871710
Changes:
 mercurial (2.2.2-4+deb7u5) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2017-1000115: path traversal via symlink (Closes: #871709)
   * CVE-2017-1000116: command injection on clients through malicious ssh
     URLs (Closes: #871710)
Checksums-Sha1:
 6fb2dd78aa228ff76b4bedb73e5efd2d27120550 2178 mercurial_2.2.2-4+deb7u5.dsc
 6d31df7afe5d6ac239e8867885adfe02e0533c2c 59366 mercurial_2.2.2-4+deb7u5.debian.tar.gz
 1c974209139a08b77c6741743f3ac8fef606c35a 2322134 mercurial-common_2.2.2-4+deb7u5_all.deb
 1eee6aeb3f8bb76c2f59c2665b004cce4b44c39d 93016 mercurial_2.2.2-4+deb7u5_amd64.deb
Checksums-Sha256:
 316870a85dae48cddbabce37da77abe1812a773d8ece3c8e5608cb937297fbc0 2178 mercurial_2.2.2-4+deb7u5.dsc
 ec9629a6b5b54665178398ed2abe44a45ad87dae34a1cca9d9d23ed7518256b1 59366 mercurial_2.2.2-4+deb7u5.debian.tar.gz
 f30f8bee2d0292d50992825d18656a629df73f0901d7c88efc30650d0a200679 2322134 mercurial-common_2.2.2-4+deb7u5_all.deb
 5c22ecdc5377309058bea07e077e373bf345f56cc2735ef0089efb766b9e7126 93016 mercurial_2.2.2-4+deb7u5_amd64.deb
Files:
 82de8d5ffea873006003ed24f399ed9f 2178 vcs optional mercurial_2.2.2-4+deb7u5.dsc
 5aa73250e81594dcad00bb4f4d73de12 59366 vcs optional mercurial_2.2.2-4+deb7u5.debian.tar.gz
 bde3a929060dd163db7033f11d4243f1 2322134 vcs optional mercurial-common_2.2.2-4+deb7u5_all.deb
 7a053b3df17040dfc7d3de61793739fc 93016 vcs optional mercurial_2.2.2-4+deb7u5_amd64.deb

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEjckBzmQUbASK1Q+7eSFSUnt1kh4FAlmlW8EACgkQeSFSUnt1
kh5kmBAAr0RzjzIB2h2Q8s+fhZZiqRJ5z6n2XDKD/CksFDlt2/l5ueLnq3YrIAb/
Lfv06VK4kmh5Ln1XUW0yvtmfkbE1TgAQu4E5dV+T6kuO2pVGPeTq/GbXngJfzXBW
Iui9yxLnTJZlE2K0WYrSwVGnS8iN4GefrRbuKn4NepX5LsJ/CMydb0DFUxktOD93
jQuXEjVn0cskV02IfIxUMnSCRbtBA2JcHboeiveoMg1vUBQvMG8XLobwh8b+7CfW
oaxEtz3MZraouYDheojzMP7FV+J2NWPFQN2jZVbSs7zhwhkTJj+duDDp6zUQci10
rDlmi7FaVwPz3PQtJB22JPz8oBCgIpIviqZc5YhZHssmAJFKY5B4koLo16+w9gig
azmEDncMgbQqYJxOFDzm3PTJxmhwPmAdHpC/BP5YosX2+v4tyNn8eakhf38CLIFU
oehnnc4nGy3BFXk96dmKbfmiiacqcTd2QYw/ePMc1nvDKPxnH038ILJlNJpHEN4a
gSLWeJWbV8NKtEZ96mRgcAj1CYF/S087aDQ/MBeox1lwI1oQyAeOATWGINb70+Bq
SyFcY81Hn0ZQdNvS0BLbXVTY/TrOjK4Yxvu8Mvp2+2/RVL/mqIpXjXoyX+wChBvu
Rnq5qLyyyepPS1UAoYTbLIgCB8t90U5GKO8ZDJkmq5E2tGNwfvM=
=BUty
-----END PGP SIGNATURE-----
News for package mercurial
