[ubuntu/bionic-updates] mercurial 4.5.3-1ubuntu2.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Mon Oct 4 18:28:31 UTC 2021

Previous message (by thread): [ubuntu/bionic-updates] mongodb 1:3.6.3-0ubuntu1.4 (Accepted)
Next message (by thread): [ubuntu/bionic-proposed] linux-restricted-modules-azure-4.15 4.15.0-1125.138 (Accepted)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

mercurial (4.5.3-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: OOB reads
    - debian/patches/CVE-2018-17983.patch: fix OOB read of corrupted manifest
      entry in mercurial/cext/manifest.c.
    - CVE-2018-17983
  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories
    - debian/patches/CVE-2019-3902-pre.patch: subrepo: extend path auditing test
      to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-1.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially unsafe
      subrepo paths (BC) (SEC)
    - CVE-2019-3902

Date: 2021-10-01 15:55:30.532198+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/mercurial/4.5.3-1ubuntu2.2
-------------- next part --------------
Sorry, changesfile not available.

Previous message (by thread): [ubuntu/bionic-updates] mongodb 1:3.6.3-0ubuntu1.4 (Accepted)
Next message (by thread): [ubuntu/bionic-proposed] linux-restricted-modules-azure-4.15 4.15.0-1125.138 (Accepted)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Bionic-changes mailing list