[Python-apps-team] Bug#783237: CVE-2014-9462
Alessandro Ghedini
ghedo at debian.org
Fri May 1 18:53:28 UTC 2015
On Fri, May 01, 2015 at 07:16:07PM +0100, Javi Merino wrote:
> On Fri, Apr 24, 2015 at 01:21:56PM +0200, Moritz Muehlenhoff wrote:
> > Package: mercurial
> > Severity: important
> > Tags: security
> >
> > Please see
> > http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
> >
> > Fix:
> > http://selenic.com/hg/rev/e3f30068d2eb
>
> I've prepared a fix for this, find the diff attached. Can I upload it
> to stable-security?
> Index: debian/changelog
> ===================================================================
> --- debian/changelog (revisión: 11645)
> +++ debian/changelog (copia de trabajo)
> @@ -1,3 +1,11 @@
> +mercurial (3.1.2-2+deb8u1) stable-security; urgency=high
Please use jessie-security instead of stable-security.
Otherwise the upload looks good. Once the above is fixed you can go ahead and
upload to security-master. Remember to build the package with full upstream
sources (dpkg-buildpackage -sa), since this would be the first upload to
jessie-security for mercurial.
Also, the vulnerability seems to affect the wheezy version as well, could you
please prepare an upload targeting wheezy-security as well?
Thanks for your help.
Cheers
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20150501/739a794d/attachment.sig>
More information about the Python-apps-team
mailing list