Mercurial 4.7.2 released

Augie Fackler raf at durin42.com
Mon Oct 1 22:43:19 UTC 2018



> On Oct 1, 2018, at 18:35, Juan Francisco Cantero Hurtado <iam at juanfra.info> wrote:
> 
> On Mon, Oct 01, 2018 at 04:13:38PM -0400, Augie Fackler wrote:
>> Please update your packaged builds, thanks.
>> 
>> This release includes a fix for a potential out of bounds read if a manifest was corrupt. Backporting the fix should be straightforward, but please contact us if you need assistance.
> 
> What are the commits related to the security fix? Only this?:
> 
> https://www.mercurial-scm.org/repo/hg-stable/rev/094d1f42c484

That's unrelated. You want https://www.mercurial-scm.org/repo/hg-committed/rev/5405cb1a7901 for the security fix (my bad, it's not tagged (sec)) - you might want other fixes to manifest.c along with it to ease the backport.

> 
> 
> -- 
> Juan Francisco Cantero Hurtado http://juanfra.info




More information about the Mercurial-packaging mailing list