[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

Launchpad Bug Tracker Wed, 17 Jun 2015 13:31:31 -0700

This bug was fixed in the package mercurial - 3.1.1-1ubuntu0.2

---------------
mercurial (3.1.1-1ubuntu0.2) utopic-security; urgency=medium


  [ Jamie Strandboge ]
  * SECURITY UPDATE: fix for improperly handling case-insensitive paths on
    Windows and OS X clients
    - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
    - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
    - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a
    - CVE-2014-9390
    - LP: #1404035

  [ Marc Deslauriers ]
  * SECURITY UPDATE: arbitrary command exection via crafted repository
    name in a clone command
    - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add
      more thorough shell quoting to mercurial/sshpeer.py.
    - CVE-2014-9462

 -- Marc Deslauriers <marc.deslauri...@ubuntu.com>  Wed, 17 Jun 2015
13:09:05 -0400

** Changed in: mercurial (Ubuntu Utopic)
       Status: In Progress => Fix Released

** Changed in: mercurial (Ubuntu Trusty)
       Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1404035

Title:
  Errors in handling case-sensitive directories allow for remote code
  execution on pull

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

Reply via email to