[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2016-11-04 Thread Jeremy Bicha
** Changed in: libgit2 (Ubuntu Utopic) Status: Confirmed => Invalid ** Changed in: libgit2 (Ubuntu) Status: Confirmed => Fix Released ** Changed in: jgit (Ubuntu) Status: Confirmed => Fix Released ** Changed in: jgit (Ubuntu Utopic) Status: Confirmed => Invalid **

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-06-21 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/precise-security/mercurial ** Branch linked: lp:~ubuntu-branches/ubuntu/trusty/mercurial/trusty-security ** Branch linked: lp:~ubuntu-branches/ubuntu/utopic/mercurial/utopic-security -- You received this bug notification because you are a member of Ubuntu Bugs,

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-06-17 Thread Launchpad Bug Tracker
This bug was fixed in the package mercurial - 2.0.2-1ubuntu1.2 --- mercurial (2.0.2-1ubuntu1.2) precise-security; urgency=medium [ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients -

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-06-17 Thread Launchpad Bug Tracker
This bug was fixed in the package mercurial - 3.1.1-1ubuntu0.2 --- mercurial (3.1.1-1ubuntu0.2) utopic-security; urgency=medium [ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients -

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-06-17 Thread Launchpad Bug Tracker
This bug was fixed in the package mercurial - 2.8.2-1ubuntu1.3 --- mercurial (2.8.2-1ubuntu1.3) trusty-security; urgency=medium [ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients -

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-30 Thread Marc Deslauriers
** Changed in: jgit (Ubuntu Trusty) Status: New => Confirmed ** Changed in: jgit (Ubuntu Utopic) Status: New => Confirmed ** Changed in: jgit (Ubuntu Vivid) Status: New => Confirmed

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-16 Thread Mathew Hodson
** Also affects: jgit (Ubuntu) Importance: Undecided Status: New

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-14 Thread Tyler Hicks
Vivid's git was previously updated for CVE-2014-9390 by an auto sync of git 1:2.1.4-2 from Debian Sid. ** Changed in: git (Ubuntu Vivid) Status: In Progress => Fix Released ** Changed in: git (Ubuntu Vivid) Assignee: Tyler Hicks (tyhicks) => (unassigned)

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-13 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:2.1.0-1ubuntu0.1 --- git (1:2.1.0-1ubuntu0.1) utopic-security; urgency=medium * SECURITY UPDATE: Add protections against malicious git commits that overwrite git metadata on HFS+ and NTFS filesystems. Some of the protections are

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-13 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:1.7.9.5-1ubuntu0.1 --- git (1:1.7.9.5-1ubuntu0.1) precise-security; urgency=medium * SECURITY UPDATE: Add protections against malicious git commits that overwrite git metadata on HFS+ and NTFS filesystems. Some of the protections

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2015-01-13 Thread Launchpad Bug Tracker
This bug was fixed in the package git - 1:1.9.1-1ubuntu0.1 --- git (1:1.9.1-1ubuntu0.1) trusty-security; urgency=medium * SECURITY UPDATE: Add protections against malicious git commits that overwrite git metadata on HFS+ and NTFS filesystems. Some of the protections are

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-28 Thread Jamie Strandboge
Thanks Javi! I've applied these and am testing them locally. I'll upload to the ppa once finished.

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-28 Thread Jamie Strandboge
mercurial on 15.04 was fixed in 3.1.2-2. ** Changed in: mercurial (Ubuntu Vivid) Status: In Progress => Fix Released ** Changed in: mercurial (Ubuntu Vivid) Assignee: Jamie Strandboge (jdstrand) => (unassigned)

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-28 Thread Jamie Strandboge
Javi, alright, so I updated that test with your patch as mentioned (thanks) which I certainly would've needed to do anyway, but test-hghave.t.sh on 14.04 never finishes and FTBFS (and it does with unpatched mercurial too). I'm happy to look at this myself when I have more time, but do you have an

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-26 Thread Javi Merino
Jamie, the problem you have is that the patch you've backported passes repo as the first parameter to context.memfilectx() but in the mercurial version that you have, context.memfilectx() only receives the path and text. Just drop the repo argument in the tests as I've done for Debian Wheezy[0]

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-26 Thread Javi Merino
Find the patch for the failing test-commit.t attached. ** Patch added: fix test-commit.t for mercurial_2.8.2-1ubuntu1.1 https://bugs.launchpad.net/ubuntu/+source/git/+bug/1404035/+attachment/4287708/+files/ubuntu_trusty_cve-2014-9390_fix_test_commit.patch

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-26 Thread Ubuntu Foundations Team Bug Bot
The attachment fix test-commit.t for mercurial_2.8.2-1ubuntu1.1 seems to be a patch. If it isn't, please remove the patch flag from the attachment, remove the patch tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team. [This is an automated message performed by a Launchpad

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-24 Thread Jamie Strandboge
FYI, the 14.04 mercurial packages FTBFS due to an unrelated issue: https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+build/6661971/+files/buildlog_ubuntu-trusty-amd64.mercurial_2.8.2-1ubuntu1.1_FAILEDTOBUILD.txt.gz. Specifically, the hghave tests are failing (and they fail with

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libgit2 (Ubuntu Trusty) Status: New => Confirmed

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libgit2 (Ubuntu) Status: New => Confirmed

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-22 Thread Launchpad Bug Tracker
Status changed to 'Confirmed' because the bug affects multiple users. ** Changed in: libgit2 (Ubuntu Utopic) Status: New => Confirmed

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-21 Thread Javi Merino
Jamie, I see in the changelog that you have applied these patches: - http://selenic.com/repo/hg-stable/rev/035434b407be - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3 - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e - http://selenic.com/repo/hg-stable/rev/7a5bcd471f2e

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-20 Thread Xavier L.
** Also affects: libgit2 (Ubuntu) Importance: Undecided Status: New ** No longer affects: libgit2 (Ubuntu Precise)

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-19 Thread Thomas Ward
** Changed in: git (Ubuntu) Status: New => Confirmed ** Changed in: mercurial (Ubuntu) Status: New => Confirmed

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-19 Thread Jamie Strandboge
FYI, mercurial is in universe and is therefore community maintained. I took a look at it and have prepared packages in https://launchpad.net/~ubuntu-security-proposed/+archive/ubuntu/ppa/+packages. If someone could test them and verify they are ok, I can push them out as a security update. **

[Bug 1404035] Re: Errors in handling case-sensitive directories allow for remote code execution on pull

2014-12-19 Thread Jamie Strandboge
Note, the packages in the ppa have not been tested yet (14.04-15.04 do pass the testsuite though, 12.04 needs a manual test run), so take care.