[Python-apps-team] Bug#819504: mercurial: CVE-2016-3068 CVE-2016-3069 CVE-2016-3630
Julien Cristau
jcristau at debian.org
Wed Mar 30 11:29:20 UTC 2016
On Tue, Mar 29, 2016 at 21:34:20 +0200, Salvatore Bonaccorso wrote:
> the following vulnerabilities were published for mercurial.
>
> CVE-2016-3068[0]:
> arbitrary code execution with Git subrepos
>
> CVE-2016-3069[1]:
> arbitrary code execution when converting Git repos
>
> CVE-2016-3630[2]:
> remote code execution in binary delta decoding
>
Hi,
here's a diff for jessie, modulo s/UNRELEASED/jessie-security/ in the
changelog. OK to upload to security-master?
I'll work on wheezy next.
Cheers,
Julien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: mercurial_jessie.diff
Type: text/x-diff
Size: 31279 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/python-apps-team/attachments/20160330/9fc8465b/attachment-0001.diff>
More information about the Python-apps-team
mailing list