This is the mail archive of the
mailing list for the Cygwin project.
Re: Security update needed for mercurial
- From: Andy Moreton <andrewjmoreton at gmail dot com>
- To: cygwin at cygwin dot com
- Date: Tue, 19 Apr 2016 17:30:01 +0100
- Subject: Re: Security update needed for mercurial
- Authentication-results: sourceware.org; auth=none
- References: <86h9fjdhkf dot fsf at gmail dot com>
On Sat 02 Apr 2016, Andy Moreton wrote:
> The current package is for mercurial 3.5.1, but upstream have released
> 3.7.3 as a security release, with fixes for:
> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
> Release announcement is here:
> Can the cygwin mercurial maintainer please issue an updated package.
Is the mercurial maintainer still reading the list ?
Problem reports: http://cygwin.com/problems.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple