This bug was fixed in the package mercurial - 3.1.1-1ubuntu0.2 --------------- mercurial (3.1.1-1ubuntu0.2) utopic-security; urgency=medium
[ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3 - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a - CVE-2014-9390 - LP: #1404035 [ Marc Deslauriers ] * SECURITY UPDATE: arbitrary command exection via crafted repository name in a clone command - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add more thorough shell quoting to mercurial/sshpeer.py. - CVE-2014-9462 -- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 17 Jun 2015 13:09:05 -0400 ** Changed in: mercurial (Ubuntu Utopic) Status: In Progress => Fix Released ** Changed in: mercurial (Ubuntu Trusty) Status: In Progress => Fix Released -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1404035 Title: Errors in handling case-sensitive directories allow for remote code execution on pull To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs