Mercurial 3.2.3 released (security fix)
Matt Mackall
mpm at selenic.com
Sun Dec 21 21:04:30 UTC 2014
On Sun, 2014-12-21 at 20:39 +0100, Javi Merino wrote:
> Hi Matt,
>
> On Thu, Dec 18, 2014 at 03:01:24PM -0600, Matt Mackall wrote:
> > This addresses some issues we discovered in Git and Mercurial for
> > CVE-2014-9390. Please update your package builds as soon as possible.
>
> Distributions like Debian and Ubuntu have stable releases that fix
> security issues by applying the "minimum" changes possible to the
> released version instead of upgrading to the latest version. Jamie
> (CCed) has backported these changesets to fix this CVE in Ubuntu[0]:
The minimal set is:
> - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
> - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
> - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial-packaging
mailing list