Your message dated Tue, 12 May 2015 18:47:13 +0000
with message-id <[email protected]>
and subject line Bug#783237: fixed in mercurial 3.1.2-2+deb8u1
has caused the Debian Bug report #783237,
regarding mercurial: CVE-2014-9462: command injection via
sshpeer._validaterepo()
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
783237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mercurial
Severity: important
Tags: security
Please see
http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html
Fix:
http://selenic.com/hg/rev/e3f30068d2eb
Cheers,
Moritz
--- End Message ---
--- Begin Message ---
Source: mercurial
Source-Version: 3.1.2-2+deb8u1
We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Javi Merino <[email protected]> (supplier of updated mercurial package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 01 May 2015 19:14:56 +0100
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source all amd64
Version: 3.1.2-2+deb8u1
Distribution: jessie-security
Urgency: high
Maintainer: Python Applications Packaging Team <[email protected]>
Changed-By: Javi Merino <[email protected]>
Description:
 mercurial - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 783237
Changes:
 mercurial (3.1.2-2+deb8u1) jessie-security; urgency=high
 .
   * Fix "CVE-2014-9462" by adding patch
     from_upstream__sshpeer_more_thorough_shell_quoting.patch
     (Closes: #783237)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---