[Python-apps-team] Bug#500781: ubuntu/debian repos

Benoit Boissinot bboissin at gmail.com
Sat Oct 4 09:03:26 UTC 2008

On Fri, Oct 3, 2008 at 3:15 PM, Vincent Danjean <vdanjean.ml at free.fr> wrote:
> Hint: if anyone can point me to a specific changeset to fix the second
> security bug fixed in 1.0.2 ("Mercurial before 1.0.2 does not enforce the
> allowpull permission"), I will backport it to 1.0.1 in the next Debian
> release (see http://bugs.debian.org/500781 )

Maybe this one:
changeset:   6465:8542fac26f63
user:        Benoit Boissinot <benoit.boissinot at ens-lyon.org>
date:        Mon May 26 14:20:26 2008 +0200
summary:     hgweb: correctly validate permissions with streamclone pulling



More information about the Python-apps-team mailing list