[Python-apps-team] Bug#598841: mercurial fails to verify ssl validity in https connections

Wagner Bruna wbruna at yahoo.com
Sat Oct 2 15:26:22 UTC 2010


Package: mercurial
Version: 1.6.2-2
Severity: important
Tags: security, fixed-upstream, patch


Forwarding this upstream security issue:

http://mercurial.selenic.com/bts/issue2407

A fix is available at:

http://selenic.com/repo/hg-stable/rev/f2937d6492c5

and included in version 1.6.4.

-- System Information:
Debian Release: 5.0.6
  APT prefers stable
  APT policy: (500, 'stable'), (200, 'testing')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-vserver-686 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages mercurial depends on:
ii  libc6                         2.11.2-6   Embedded GNU C Library: Shared lib
ii  mercurial-common              1.6.2-2    scalable distributed version contr
ii  python                        2.5.2-3    An interactive high-level object-o
ii  python-support                1.0.10     automated rebuilding support for P
ii  ucf                           3.0016     Update Configuration File: preserv

mercurial recommends no packages.

Versions of packages mercurial suggests:
ii  emacs                 22.2+2-5           The GNU Emacs editor (metapackage)
ii  kdiff3                0.9.92-2           compares and merges 2 or 3 files o
pn  qct                   <none>             (no description available)
ii  tk8.4 [wish]          8.4.19-2           Tk toolkit for Tcl and X11, v8.4 -
ii  tk8.5 [wish]          8.5.3-4            Tk toolkit for Tcl and X11, v8.5 -
ii  vim                   1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor
ii  vim-gtk [vim]         1:7.1.314-3+lenny2 Vi IMproved - enhanced vi editor -

-- no debconf information





More information about the Python-apps-team mailing list