[ubuntu/bionic-updates] mercurial 4.5.3-1ubuntu2.2 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Mon Oct 4 18:28:31 UTC 2021
mercurial (4.5.3-1ubuntu2.2) bionic-security; urgency=medium

  * SECURITY UPDATE: OOB reads
    - debian/patches/CVE-2018-17983.patch: fix OOB read of corrupted manifest
      entry in mercurial/cext/manifest.c.
    - CVE-2018-17983
  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories
    - debian/patches/CVE-2019-3902-pre.patch: subrepo: extend path auditing test
      to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-1.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially unsafe
      subrepo paths (BC) (SEC)
    - CVE-2019-3902

Date: 2021-10-01 15:55:30.532198+00:00
Changed-By: leo.barbosa at canonical.com (Leonidas S. Barbosa)
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/mercurial/4.5.3-1ubuntu2.2