[Python-apps-team] Bug#488628: mercurial: Insufficient input validation

Nico Golde nion at debian.org
Mon Jun 30 19:40:23 UTC 2008

the following CVE id has been assigned to this issue, please 
reference it in the changelog when closing this bug.

Name: CVE-2008-2942
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2942
Reference: CONFIRM:http://www.selenic.com/hg/rev/87c704ac92d4
Reference: MLIST:[oss-security] 20080630 CVE id request mercurial:Insufficient input validation
Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/30/1

Directory traversal vulnerability in patch.py in Mercurial 1.0.1
allows user-assisted attackers to modify arbitrary files via ".." (dot
dot) sequences in a patch file.

Kind regards

Nico Golde - http://www.ngolde.de - nion at jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
Url : http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20080630/355647b3/attachment.pgp 

More information about the Python-apps-team mailing list