-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Thu, 05 Jul 2018 15:32:32 -0400 Source: mercurial Binary: mercurial-common mercurial Architecture: source all amd64 Version: 3.1.2-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org> Changed-By: Antoine Beaupré <anarcat@debian.org> Description: mercurial - easy-to-use, scalable distributed version control system mercurial-common - easy-to-use, scalable distributed version control system (common Closes: 861243 892964 901050 Changes: mercurial (3.1.2-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the LTS Security Team. * CVE-2017-9462: fix remote code execution by using --debugger as a repository name (Closes: #861243) * CVE-2017-17458: fix arbitrary code execution with malformed git repositories * CVE-2018-1000132: Incorrect Access Control vulnerability in Protocol server that can result in Unauthorized data access (Closes: #892964) * OVE-20180430-0001: mpatch: be more careful about parsing binary patch data (Closes: #901050) * OVE-20180430-0002: mpatch: protect against underflow in mpatch_apply * OVE-20180430-0004: mpatch: ensure fragment start isn't past the end of orig Checksums-Sha1: 8e7614553bea6c829b4319b69233edfd24abacc4 1942 mercurial_3.1.2-2+deb8u5.dsc fb4f110a6bd23b6df1dda2f7edcb679dc81ff03d 72512 mercurial_3.1.2-2+deb8u5.debian.tar.xz 569ac4c53c105dba8df415a17e46aacbc021300d 1604322 mercurial-common_3.1.2-2+deb8u5_all.deb a524c993688782a24dd2a11aac66d44d317161a8 61034 mercurial_3.1.2-2+deb8u5_amd64.deb Checksums-Sha256: 40105a4095a8f107cb9eaf9029c4a701bfec810d70dbfe6bf9a18e872bc81f47 1942 mercurial_3.1.2-2+deb8u5.dsc a78cae21139e98a7bc689b0490ad8c087761fb5bd03406090010f308f36c1455 72512 mercurial_3.1.2-2+deb8u5.debian.tar.xz 10b7e97656f88ed2b9debb1b8580097bf56db05e07aac05e5809abbb7a8cc61c 1604322 mercurial-common_3.1.2-2+deb8u5_all.deb 1b1858939bb92784e279b614c3cb834107a28fe3eed6b184ebe1c9eadbac1a74 61034 mercurial_3.1.2-2+deb8u5_amd64.deb Files: 8f967474eda96c7cb20c652db95e99cf 1942 vcs optional mercurial_3.1.2-2+deb8u5.dsc 2eb0467f4f6ea848c7660eef1fce13af 72512 vcs optional mercurial_3.1.2-2+deb8u5.debian.tar.xz 2f63e513a1f11276385f292935a69600 1604322 vcs optional mercurial-common_3.1.2-2+deb8u5_all.deb 1fd035e9903a03477cdbb2de76691c36 61034 vcs optional mercurial_3.1.2-2+deb8u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEexZCBNCWcjsBljWrPqHd3bJh2XsFAls+fL4ACgkQPqHd3bJh 2Xvuhgf/fSNcWEtuPqqfp/t0xJVPGRI7F3yrPrvClpRQfXxFYTMCZUKxAMkjHCYp J2RW8X3pUxI+OBIfW7d9QH42yzlOt41RuQdONFCm/9nklZmtY3EUS8jl7GmFnuYI j+5ag0bJg9qcRdUz6+Y7dHedGqOwuZ8vtVbZvXEO1HCHkN/dW0oEmVa5dGOxHEmF ZmvQU1UPQlvooJbDFD6WP08Zh91Ny3ew49EQYDCwJFSYDs5/ufpZ7nE7wUpcDzez h9kdJpqP/v6W37CZ1j0efz5v77GI6nJdDo8EE5w2MjG2RTkOBFgYSqX625v4ud8N TzgGhnw2jLAzl0mp+1z859E29I6bCw== =/YkQ -----END PGP SIGNATURE-----