This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Updated package needed for mercurial 3.7.3 security update


Hi,

The current package is for mercurial 3.5.1, but upstream have released
3.7.3 as a security release, with fixes for:

CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos

Release announcement is here:
http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523

Can the cygwin mercurial maintainer please issue an updated package.

Thanks,

    AndyM


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]