-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : mercurial Version : 3.1.2-2+deb8u7 CVE ID : CVE-2019-3902 Debian Bug : #927674
It was discovered that there was a path traversal vulnerability in the "mercurial" distributed revision version control system. Symbolic links and subrepositories could be used defeat Mercurial's path-checking logic and write files outside the repository root. For Debian 8 "Jessie", this issue has been fixed in mercurial version 3.1.2-2+deb8u7. We recommend that you upgrade your mercurial packages. Regards, - -- ,''`. : :' : Chris Lamb `. `'` la...@debian.org / chris-lamb.co.uk `- -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEwv5L0nHBObhsUz5GHpU+J9QxHlgFAlzB7uYACgkQHpU+J9Qx HlhIWhAAo+ifxwrm/7ZsDfWkAn27/3oEHCBK/QKMNLuRIdK9YI368buAJAWntwBZ 3MF+fYlBbnrv4HRSjfo6GTEOvcjLx8hdavjdFQ5pJdFmxdv1ffrXgzXfuhip6vFS k1UcnrU136DAegV9o+MNgDfsV/+/3FY7xPP1CvGXLrI9yh6W2SP20dpmSxjET588 lWaK5ts2nkg33j4M45stGGjSzTp06TYcBKkbUUEtKm64SmGBPT5kDIC6e2EMkaj1 7V9pHeybjpmKNSzLseAystlNOpietpSzvlpnfYfT9XZkkaYWDDK03zKSpri0O1yt KWkCULHXSQPuRXz5fb5OgIfGhDlm/2G6kqUg8WeD/RTLb1U/o88xBd7rA0aLFBgV 6A1KThE7q0Q/CAHjvoN02RmhaNua+H7OheZD+ULPZJADuBu21xViKUYGdvoyDaor su/g4X26RABpATXlyWKaPzRI6/QVvU6koLt3hIOR/oljTfdFS56r0jEfnORzh+08 atILUNDeCKqjUg0fYzcE8P7ybBDNSKrFwd99nb2O7AoUuN15TfCWT7LXfyXePUx1 I7kE/yrWr+wSTp4clHkCXNCELqvVeltYLaOOZJJWvl5HRQ3rc+uEMWema8+5Trj3 BXn8WRymkhDX5WbPbAyf2p2O6OxBDiuHtL+MbCzVoVdIYhrU6tg= =crEM -----END PGP SIGNATURE-----