Mercurial 4.7.2 released
Augie Fackler
raf at durin42.com
Mon Oct 1 22:43:19 UTC 2018
> On Oct 1, 2018, at 18:35, Juan Francisco Cantero Hurtado <iam at juanfra.info> wrote:
>
> On Mon, Oct 01, 2018 at 04:13:38PM -0400, Augie Fackler wrote:
>> Please update your packaged builds, thanks.
>>
>> This release includes a fix for a potential out of bounds read if a manifest was corrupt. Backporting the fix should be straightforward, but please contact us if you need assistance.
>
> What are the commits related to the security fix? Only this?:
>
> https://www.mercurial-scm.org/repo/hg-stable/rev/094d1f42c484
That's unrelated. You want https://www.mercurial-scm.org/repo/hg-committed/rev/5405cb1a7901 for the security fix (my bad, it's not tagged (sec)) - you might want other fixes to manifest.c along with it to ease the backport.
>
>
> --
> Juan Francisco Cantero Hurtado http://juanfra.info
More information about the Mercurial-packaging
mailing list