-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 28 Aug 2017 22:08:28 +0200 Source: mercurial Binary: mercurial-common mercurial Architecture: source all amd64 Version: 3.1.2-2+deb8u4 Distribution: jessie-security Urgency: medium Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Changed-By: Julien Cristau <jcristau@debian.org> Description: mercurial - easy-to-use, scalable distributed version control system mercurial-common - easy-to-use, scalable distributed version control system (common Changes: mercurial (3.1.2-2+deb8u4) jessie-security; urgency=medium . * CVE-2017-1000115: path traversal via symlink * CVE-2017-1000116: command injection on clients through malicious ssh URLs Checksums-Sha1: 0068df39cf948d0685aa7c292dd3ee9dc8165394 2287 mercurial_3.1.2-2+deb8u4.dsc 6f59376f9e549d71dbec96068eea07e6de2dee8a 59220 mercurial_3.1.2-2+deb8u4.debian.tar.xz ce9a5506cc2a25d53cf78dacc1dbe05cff21d212 1603358 mercurial-common_3.1.2-2+deb8u4_all.deb 7028b0197d1368d1b04db6c71d0da1bb8729d91b 60140 mercurial_3.1.2-2+deb8u4_amd64.deb Checksums-Sha256: 740fdb848ff4ab80028cef06e0402d0e30b26c2614c5b6a5a9a16533011c165d 2287 mercurial_3.1.2-2+deb8u4.dsc 4e84c829f960516f058ffe85d205b96a3b23123d6c3268f251d1a558239fb889 59220 mercurial_3.1.2-2+deb8u4.debian.tar.xz d3481299cd40f5129e92bfc000bf55953bffbf2e92d6538b868b79fbaa538727 1603358 mercurial-common_3.1.2-2+deb8u4_all.deb 75b9fa5be204f157ac0525f83cc58ae31a2e0dacd3c80c0930bf1ff24d4d61d4 60140 mercurial_3.1.2-2+deb8u4_amd64.deb Files: 79a0fdf5a0430ef53884da4fd0190046 2287 vcs optional mercurial_3.1.2-2+deb8u4.dsc a2f0ae799ba1a6525842e8cfc92641e7 59220 vcs optional mercurial_3.1.2-2+deb8u4.debian.tar.xz 3c637603ef4f00449e0e2c25f6573e78 1603358 vcs optional mercurial-common_3.1.2-2+deb8u4_all.deb f9d664c7b745d919ffa3c8c3b7fc7b76 60140 vcs optional mercurial_3.1.2-2+deb8u4_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAlmofbYACgkQnbAjVVb4 z61goQ//SCodGr9MP9Mh4n16Jp55A3FQy18mid/5awfaOJOO2yfxAJEGQee/rEtI 57nL7Xm7uqpewBV7zQl9lzrTbS/lr1pclsbhIJESqGjGQyc88d8VBjelOIfCYgFf TKKVtWc3RcCV9TxgsjuRCrVSb24X3wjLeCgoAFA4RZ+OCMCEobKq+KYY8uJWvLXt hnDNt/tbx12zlqpYYbMJPmmPq/z/1wecwPhfV8bkTfKoeFDkV4zWQZf0FPiKN9m3 5wgyjvGajc94fvO/R9G/7y11btoq1TQt9AdnaqmimlekRsoQBOw3qW7hsjPVKvEx 88tR/rHNOHU2kym86aZvazixoqDgkpmSDSH0IzYQIQ2vGR/M+S1MAuW8+RZpnIwy qCqIVUgBf++CXZMzIi8JxMxXAt8zCnsY8KBufDRV9+3Zb7WJK3urIFe461bjZEuc TWjvK/UKYRyTQiktqPOWJwfJD9xk90HodzPVgWuSwuV3y5tv+rz/ORQw+DZ0l6Iz 3nHCeMM2W/KpQ7jhDN48JU8yBU1NPrKZOGUuXoei2SB8lxOeLNNKuoOqe2Lqy5pH LEjhNeV2WWHJyLvrLQlCS3Iovm9mn8b7nP1GMVGwBIlWqfcmgdQGb8E93Z+gmzM+ J4OriPKfHcMA659mlTZg/p3UzBANOwGdfz1USx8iLBYASgTIfAg= =TN9J -----END PGP SIGNATURE-----