Ubuntu
mercurial package

mercurial 4.8.2-1ubuntu4 source package in Ubuntu

Changelog

mercurial (4.8.2-1ubuntu4) eoan; urgency=medium

  * SECURITY UPDATE: Write to arbitrary files outside a repository by using
    symlinks in subrepositories
    - debian/patches/CVE-2019-3902-1.patch: subrepo: extend path auditing test
      to include more weird patterns (SEC)
    - debian/patches/CVE-2019-3902-2.patch: subrepo: prohibit variable
      expansion on creation of hg subrepo (SEC)
    - debian/patches/CVE-2019-3902-3.patch: subrepo: reject potentially unsafe
      subrepo paths (BC) (SEC)
    - CVE-2019-3902

 -- Mike Salvatore <email address hidden>  Tue, 30 Jul 2019 15:42:49 -0400

Upload details

Uploaded by:
Mike Salvatore
Sponsored by:
Marc Deslauriers
Uploaded to:
Eoan
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
devel
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
mercurial_4.8.2.orig.tar.gz 6.6 MiB 6c202cb9cf05e63b86477ebf84d6475eb10b4022ac2cd3a7481fb36d9c45fdb2
mercurial_4.8.2.orig.tar.gz.asc 833 bytes ceaf75242740acfd06a96aae53d8a40f3b3f3c4a7119bb53224d0bf6efa65254
mercurial_4.8.2-1ubuntu4.debian.tar.xz 64.7 KiB f55665ce2a6c03eeb3de757826f07aacac41236bb4a457643092e279022dc398
mercurial_4.8.2-1ubuntu4.dsc 2.7 KiB 9433f69ec5bd1bc98b1b0319b976028b7b4c2ac3bef1d6367ca627d8d1f5d85d

Available diffs

View changes file

Binary packages built by this source

mercurial: easy-to-use, scalable distributed version control system

 Mercurial is a fast, lightweight Source Control Management system designed
 for efficient handling of very large distributed projects.
 .
 Its features include:
  * O(1) delta-compressed file storage and retrieval scheme
  * Complete cross-indexing of files and changesets for efficient exploration
    of project history
  * Robust SHA1-based integrity checking and append-only storage model
  * Decentralized development model with arbitrary merging between trees
  * High-speed HTTP-based network merge protocol
  * Easy-to-use command-line interface
  * Integrated stand-alone web interface
  * Small Python codebase
 .
 This package contains the architecture dependent files.

mercurial-common: No summary available for mercurial-common in ubuntu eoan.

No description available for mercurial-common in ubuntu eoan.

mercurial-dbgsym: debug symbols for mercurial