This is the mail archive of the
cygwin
mailing list for the Cygwin project.
Updated package needed for mercurial 3.7.3 security update
- From: Andy Moreton <andrewjmoreton at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Sat, 02 Apr 2016 18:52:16 +0100
- Subject: Updated package needed for mercurial 3.7.3 security update
- Authentication-results: sourceware.org; auth=none
Hi,
The current package is for mercurial 3.5.1, but upstream have released
3.7.3 as a security release, with fixes for:
CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
Release announcement is here:
http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523
Can the cygwin mercurial maintainer please issue an updated package.
Thanks,
AndyM
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple