Mercurial 3.2.3 released (security fix)

Matt Mackall mpm at selenic.com
Sun Dec 21 21:04:30 UTC 2014


On Sun, 2014-12-21 at 20:39 +0100, Javi Merino wrote:
> Hi Matt,
> 
> On Thu, Dec 18, 2014 at 03:01:24PM -0600, Matt Mackall wrote:
> > This addresses some issues we discovered in Git and Mercurial for
> > CVE-2014-9390. Please update your package builds as soon as possible.
> 
> Distributions like Debian and Ubuntu have stable releases that fix
> security issues by applying the "minimum" changes possible to the
> released version instead of upgrading to the latest version.  Jamie
> (CCed) has backported these changesets to fix this CVE in Ubuntu[0]:

The minimal set is:

>    - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
>    - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
>    - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a

-- 
Mathematics is the supreme nostalgia of our time.





More information about the Mercurial-packaging mailing list