This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: Security update needed for mercurial

From: Andy Moreton <andrewjmoreton at gmail dot com>
To: cygwin at cygwin dot com
Date: Tue, 19 Apr 2016 17:30:01 +0100
Subject: Re: Security update needed for mercurial
Authentication-results: sourceware.org; auth=none
References: <86h9fjdhkf dot fsf at gmail dot com>

On Sat 02 Apr 2016, Andy Moreton wrote:

> Hi,
>
> The current package is for mercurial 3.5.1, but upstream have released
> 3.7.3 as a security release, with fixes for:
>
> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
>
> Release announcement is here:
> http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523
>
> Can the cygwin mercurial maintainer please issue an updated package.
>

Is the mercurial maintainer still reading the list ?

    AndyM


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

Follow-Ups:
- Re: Security update needed for mercurial
  - From: Corinna Vinschen

References:
- Updated package needed for mercurial 3.7.3 security update
  - From: Andy Moreton

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]