This bug was fixed in the package mercurial - 2.8.2-1ubuntu1.3
---------------
mercurial (2.8.2-1ubuntu1.3) trusty-security; urgency=medium
[ Jamie Strandboge ]
* SECURITY UPDATE: fix for improperly handling case-insensitive paths on
Windows and OS X clients
- http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3
- http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e
- http://selenic.com/repo/hg-stable/rev/6dad422ecc5a
- CVE-2014-9390
- LP: #1404035
[ Marc Deslauriers ]
* SECURITY UPDATE: arbitrary command exection via crafted repository
name in a clone command
- d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add
more thorough shell quoting to mercurial/sshpeer.py.
- CVE-2014-9462
* debian/patches/fix_ftbfs_patchbomb_test.patch: fix patchbomb test.
-- Marc Deslauriers <marc.deslauri...@ubuntu.com> Wed, 17 Jun 2015
10:51:42 -0400
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1404035
Title:
Errors in handling case-sensitive directories allow for remote code
execution on pull
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
