[Secure-testing-commits] r55162 - data/CVE
Antoine Beaupré
anarcat at moszumanska.debian.org
Mon Aug 28 18:05:25 UTC 2017
Author: anarcat
Date: 2017-08-28 18:05:25 +0000 (Mon, 28 Aug 2017)
New Revision: 55162
Modified:
data/CVE/list
Log:
update mercurial status: suse is useless and point to 3.7/4.1 backports
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2017-08-28 17:41:19 UTC (rev 55161)
+++ data/CVE/list 2017-08-28 18:05:25 UTC (rev 55162)
@@ -2634,8 +2634,8 @@
NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
- mercurial 4.3.1-1 (bug #871710)
- NOTE: SUSE has patches for 2.3, 2.8, 3.8 and 4.2: https://www.suse.com/security/cve/CVE-2017-1000116/
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
+ NOTE: 11 patches need to be applied, the following are for 4.2:
NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
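Review bot: The added NOTE under CVE-2017-1000116 hard-codes "11 patches need to be applied", a count the entry gives no way to check against the revision URLs listed after it, and which goes stale if a URL is later added or dropped. Consider dropping the number ("the following patches are for 4.2:") or confirming that the list holds exactly eleven revisions. The same hunk removes the SUSE NOTE without leaving a reason in the file. The commit log calls the SUSE patches useless, so a short NOTE saying why would save the next person backporting to an older release from rechecking that page.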
@@ -2647,12 +2647,13 @@
NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
+ NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
CVE-2017-1000115 [path traversal via symlink]
- mercurial 4.3.1-1 (bug #871709)
- NOTE: SUSE has patches for 2.3, 2.8, 3.8 and 4.2: https://www.suse.com/security/cve/CVE-2017-1000116/
NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix)
+ NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1CVE-2017-12777
CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...)
NOT-FOR-US: NexusPHP
CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows ...)
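Review bot: The NOTE added under CVE-2017-1000115 ends in "backport-4.1CVE-2017-12777", so the second URL is fused with the identifier of the next entry and will not resolve as written. End the line at "backport-4.1", as the matching NOTE added under CVE-2017-1000116 does. The two bitbucket links also use different path forms ("/commits/branch/sec-3.7" and "/branch/backport-4.1"), and the two NOTEs differ only by "also", so it is worth checking both URLs and using identical wording in both entries.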