[Secure-testing-commits] r55162 - data/CVE

Antoine Beaupré anarcat at moszumanska.debian.org
Mon Aug 28 18:05:25 UTC 2017 

Author: anarcat
Date: 2017-08-28 18:05:25 +0000 (Mon, 28 Aug 2017)
New Revision: 55162

Modified:
   data/CVE/list
Log:
update mercurial status: suse is useless and point to 3.7/4.1 backports



Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-08-28 17:41:19 UTC (rev 55161)
+++ data/CVE/list	2017-08-28 18:05:25 UTC (rev 55162)
@@ -2634,8 +2634,8 @@
 	NOTE: https://public-inbox.org/git/xmqqh8xf482j.fsf@gitster.mtv.corp.google.com/T/#u
 CVE-2017-1000116 [command injection on clients through malicious ssh URLs]
 	- mercurial 4.3.1-1 (bug #871710)
-	NOTE: SUSE has patches for 2.3, 2.8, 3.8 and 4.2: https://www.suse.com/security/cve/CVE-2017-1000116/
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
+	NOTE: 11 patches need to be applied, the following are for 4.2:
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/53224b1ffbc2
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/e10745311406
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/f93975a5ebe8
@@ -2647,12 +2647,13 @@
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/ca398a50ca00
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/00a75672a9cb
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/943c91326b23
+	NOTE: 3.7 and 4.1 backports also available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1
 CVE-2017-1000115 [path traversal via symlink]
 	- mercurial 4.3.1-1 (bug #871709)
-	NOTE: SUSE has patches for 2.3, 2.8, 3.8 and 4.2: https://www.suse.com/security/cve/CVE-2017-1000116/
 	NOTE: https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.3_.282017-08-10.29
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/47ea28293d30 (test)
 	NOTE: https://www.mercurial-scm.org/repo/hg/rev/377e8ddaebef (fix)
+	NOTE: 3.7 and 4.1 backports available at https://bitbucket.org/atlassian/mercurial/commits/branch/sec-3.7 and https://bitbucket.org/octobus/mercurial-backport/branch/backport-4.1CVE-2017-12777
 CVE-2017-12777 (Cross-Site Scripting (XSS) exists in NexusPHP version v1.5 via some ...)
 	NOT-FOR-US: NexusPHP
 CVE-2017-12776 (SQL injection vulnerability in reports.php in NexusPHP 1.5 allows ...)

More information about the Secure-testing-commits mailing list