[ubuntu/disco-updates] mercurial 4.8.2-1ubuntu3.19.04.1 (Accepted)

Ubuntu Archive Robot cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk
Tue Aug 6 15:28:06 UTC 2019


mercurial (4.8.2-1ubuntu3.19.04.1) disco-security; urgency=medium

  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories 
    - debian/patches/CVE-2019-3902-1.patch: subrepo: extend path auditing test
      to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-2.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially unsafe
      subrepo paths (BC) (SEC)
    - CVE-2019-3902

Date: 2019-08-05 20:24:14.685191+00:00
Changed-By: Mike Salvatore <mike.salvatore at canonical.com>
Signed-By: Ubuntu Archive Robot <cjwatson+ubuntu-archive-robot at chiark.greenend.org.uk>
https://launchpad.net/ubuntu/+source/mercurial/4.8.2-1ubuntu3.19.04.1