Mail Archives: cygwin/2016/04/02/13:53:04

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2016/04/02/13:53:04

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:mime-version

:content-type; q=dns; s=default; b=Y0KwuSWj3L2fLfE+DVaLIvLZvzEAW

qxJ/qyTlsM2h4y98t/SV7c8eR636Ty3P6nR1Cmh9mDPT+SPRiFBWlbJeiII2gkNB

J7SYjdM/6bZc2ALxwYS4THHNe9aRU4lj5bvRtSmoHZoNoes8EbDm+7tpjWd/7Kxh

67uf7FW7lbug64=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:to:from:subject:date:message-id:mime-version

:content-type; s=default; bh=il0zHQn8h/GZ5G4n+RTVPcoZ9OY=; b=s4M

/eSqA6OFHsjyXdqk59LRj8M9GTd0XMwnCrIyYJYKI9pzTZOKAiAjtXy5ZAvb0tB9

HiE5+O7matIIxLrLcsPOZWnJQd42HJ4oL3q2ysG3mbiC9vk7rHKIVjGuIU8XQrn4

8Fqns11N5Iq8Qw305PunzcfSSYmFO6V4L1Gph91M=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-3.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:594

X-HELO: plane.gmane.org

To: cygwin AT cygwin DOT com

From: Andy Moreton <andrewjmoreton AT gmail DOT com>

Subject: Updated package needed for mercurial 3.7.3 security update

Date: Sat, 02 Apr 2016 18:52:16 +0100

Lines: 17

Message-ID: <86h9fjdhkf.fsf@gmail.com>

Mime-Version: 1.0

User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.0.92 (windows-nt)

X-IsSubscribed: yes

Hi,

The current package is for mercurial 3.5.1, but upstream have released
3.7.3 as a security release, with fixes for:

CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos

Release announcement is here:
http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523

Can the cygwin mercurial maintainer please issue an updated package.

Thanks,

    AndyM


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright © 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type; q=dns; s=default; b=Y0KwuSWj3L2fLfE+DVaLIvLZvzEAW
	qxJ/qyTlsM2h4y98t/SV7c8eR636Ty3P6nR1Cmh9mDPT+SPRiFBWlbJeiII2gkNB
	J7SYjdM/6bZc2ALxwYS4THHNe9aRU4lj5bvRtSmoHZoNoes8EbDm+7tpjWd/7Kxh
	67uf7FW7lbug64=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:to:from:subject:date:message-id:mime-version
	:content-type; s=default; bh=il0zHQn8h/GZ5G4n+RTVPcoZ9OY=; b=s4M
	/eSqA6OFHsjyXdqk59LRj8M9GTd0XMwnCrIyYJYKI9pzTZOKAiAjtXy5ZAvb0tB9
	HiE5+O7matIIxLrLcsPOZWnJQd42HJ4oL3q2ysG3mbiC9vk7rHKIVjGuIU8XQrn4
	8Fqns11N5Iq8Qw305PunzcfSSYmFO6V4L1Gph91M=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-3.6 required=5.0 tests=BAYES_00,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,RP_MATCHES_RCVD,SPF_HELO_PASS,SPF_PASS autolearn=ham version=3.3.2 spammy=Hx-languages-length:594
X-HELO:	plane.gmane.org
To:	cygwin AT cygwin DOT com
From:	Andy Moreton <andrewjmoreton AT gmail DOT com>
Subject:	Updated package needed for mercurial 3.7.3 security update
Date:	Sat, 02 Apr 2016 18:52:16 +0100
Lines:	17
Message-ID:	<86h9fjdhkf.fsf@gmail.com>
Mime-Version:	1.0
User-Agent:	Gnus/5.13 (Gnus v5.13) Emacs/25.0.92 (windows-nt)
X-IsSubscribed:	yes