[ubuntu/bionic-security] mercurial 4.5.3-1ubuntu2.2 (Accepted)

Leonidas S. Barbosa leo.barbosa at canonical.com
Mon Oct 4 17:36:17 UTC 2021


mercurial (4.5.3-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: OOB reads
    - debian/patches/CVE-2018-17983.patch: fix OOB read of corrupted manifest
      entry in mercurial/cext/manifest.c.
    - CVE-2018-17983
  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories
    - debian/patches/CVE-2019-3902-pre.patch: subrepo: extend path auditing test
      to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-1.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially unsafe
      subrepo paths (BC) (SEC)
    - CVE-2019-3902

Date: 2021-10-01 15:55:30.532198+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
https://launchpad.net/ubuntu/+source/mercurial/4.5.3-1ubuntu2.2