[Python-apps-team] Bug#500781: CVE-2008-4297: privilege escalation
steffen.joeris at skolelinux.de
Wed Oct 1 11:49:53 UTC 2008
The following CVE (Common Vulnerabilities & Exposures) id was
published for mercurial.
| Mercurial before 1.0.2 does not enforce the allowpull permission
| setting for a pull operation from hgweb, which allows remote attackers
| to read arbitrary files from a repository via an "hg pull" request.
I am not sure about the severity of this issue; could you please investigate it?
There might be some additional information on the rpath page and the selenic
If you fix the vulnerability, please also make sure to include the
CVE id in your changelog entry.
For further information see: