Debian Package Tracker

From: Julien Cristau <jcristau@debian.org>
To: <debian-changes@lists.debian.org>
Subject: Accepted mercurial 4.0-1+deb9u1 (source) into proposed-updates->stable-new, proposed-updates
Date: Thu, 07 Sep 2017 21:17:54 +0000

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Sat, 12 Aug 2017 18:21:47 -0400
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source
Version: 4.0-1+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>
Changed-By: Julien Cristau <jcristau@debian.org>
Description:
 mercurial  - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Changes:
 mercurial (4.0-1+deb9u1) stretch-security; urgency=high
 .
   * CVE-2017-1000116: command injection on clients through malicious ssh URLs
   * CVE-2017-1000115: path traversal via symlink
   * CVE-2017-9462: protect against malicious 'hg serve --stdio' invocations
Checksums-Sha1:
 c7fcfe9330262fbb42e4ce9f34b0c2ed99c3c06d 2427 mercurial_4.0-1+deb9u1.dsc
 6d213973e4ea136391818dba0f1f8a88da1a8c24 4850316 mercurial_4.0.orig.tar.gz
 737e68362e83a9f9d8881e49ff92fba4afa712bf 101944 mercurial_4.0-1+deb9u1.debian.tar.xz
Checksums-Sha256:
 ba44c9b1c5426154dd3bf44ad16b2973e4da475b8dd5d97ce9ebcd3ec472e174 2427 mercurial_4.0-1+deb9u1.dsc
 24be080745230840f214d93e9f9fb4e25510f9abbbec2e56fab18543fedc43a7 4850316 mercurial_4.0.orig.tar.gz
 83c6dee02fa4df95235a2f03baea99731a37e9d8d166362db6152a2990e6ad96 101944 mercurial_4.0-1+deb9u1.debian.tar.xz
Files:
 09e539a63ab4ddc201c11ebaa57ee4f2 2427 vcs optional mercurial_4.0-1+deb9u1.dsc
 9f0c93e1ee9098d958fbaabbd397286b 4850316 vcs optional mercurial_4.0.orig.tar.gz
 cd29539d561147b6f5456b53e1b2fe7e 101944 vcs optional mercurial_4.0-1+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlmkXd0ACgkQnbAjVVb4
z62VyhAAkfH2B7aB3BgSxxeE9WXN1x1KefXaWECBIvvWGkWfTSgVf/XepjvGJlXH
FqsxEiiScTLXtlFcngB8w/M/00ZfwpPMO3GX371sXcgk0ncpSXlyUSPYL2bLQb1q
tjrwGbDdqNRrMYGu2ntRCSLhBb62YMiX8Un9t1GrJ33ubkZmQc+lea9RM377jTqG
0fxdiD80HrOb2kyw/vHKh9V4LyC6vN7p52Rgwk8eObbAY9OfDVuuka4/qtHIvntw
Et7W3vXk/nA02QjuZQHCplZY9dvEOcqHuLFMWKMcfnlXzCo6wEs+9HzMiQl5kaTr
M1/TBVQwZAfhNAvR2l7Z0+BntA2a9hltXTrAWwtYtq1CwJf0ckG26yfZSqMv76lW
UVcXT35oRuyqCt/xFHh2+OzqCYhLMOCvS6E4ojOoIhsEEidsT8OwDA1xnothxwPV
y8KzyMcVHyTPIUfF3UTNRfcxjsyx2L6SOiwa99fJ8mmBGscU0xxohrvY4fR0D1p/
6gmOBaiQ7karw/bU/oby2nrQPQDACJoUDQJuR5VzHw3hDZEa4xtrJcVlUkp8rTFm
75GoOly/EyRhuM+fS+BaBzSuSF4cpgcVup6of10pt0sZZi7ddGp3uUNTE4XRvA/X
Z06RAyjXBdZejGaiG7bZ6Yxk/XXcwtpii6C+IGuFOxKlMJs3HaY=
=m4km
-----END PGP SIGNATURE-----

News for package mercurial