This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Security update needed for mercurial

On Apr 19 17:30, Andy Moreton wrote:
> On Sat 02 Apr 2016, Andy Moreton wrote:
> 
> > Hi,
> >
> > The current package is for mercurial 3.5.1, but upstream have released

Actually the Cygwin mercurial package is at 3.6.3.

> > 3.7.3 as a security release, with fixes for:
> >
> > CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> > CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> > CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
> >
> > Release announcement is here:
> > http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523
> >
> > Can the cygwin mercurial maintainer please issue an updated package.
> >
> 
> Is the mercurial maintainer still reading the list ?

I CCed him.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: signature.asc
Description: PGP signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]