Re: Bug#927674: CVE-2019-3902

2019-05-28 Thread Julien Cristau
ercurial-scm.org/wiki/WhatsNew from 4.9: > > > > This was assigned CVE-2019-3902: > > It was possible to use symlinks and subrepositories to defeat Mercurial's > > path-checking > > logic and write files outside a repository. This has been fixed. Users on > > older ve

Re: CVE-2019-3902

2019-05-26 Thread Moritz Mühlenhoff
On Sun, Apr 21, 2019 at 12:32:13AM +0200, Moritz Muehlenhoff wrote: > Source: mercurial > Version: 4.8.2-1 > Severity: grave > Tags: security > > See https://www.mercurial-scm.org/wiki/WhatsNew from 4.9: > > This was assigned CVE-2019-3902: > It was possible to use s