To: cygwin AT cygwin DOT com
From: Andy Moreton
Subject: Re: Security update needed for mercurial
Date: Tue, 19 Apr 2016 17:30:01 +0100
References: <86h9fjdhkf DOT fsf AT gmail DOT com>

On Sat 02 Apr 2016, Andy Moreton wrote:

> Hi,
>
> The current package is for mercurial 3.5.1, but upstream have released
> 3.7.3 as a security release, with fixes for:
>
> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
>
> Release announcement is here:
> http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523
>
> Can the cygwin mercurial maintainer please issue an updated package.

Is the mercurial maintainer still reading the list?

    AndyM