Your message dated Tue, 12 May 2015 18:47:31 +0000
with message-id <[email protected]>
and subject line Bug#783237: fixed in mercurial 2.2.2-4+deb7u1
has caused the Debian Bug report #783237,
regarding mercurial: CVE-2014-9462: command injection via sshpeer._validaterepo()
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
783237: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783237
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: mercurial
Severity: important
Tags: security

Please see
http://chargen.matasano.com/chargen/2015/3/17/this-new-vulnerability-mercurial-command-injection-cve-2014-9462.html

Fix:
http://selenic.com/hg/rev/e3f30068d2eb

Cheers,
        Moritz

--- End Message ---
--- Begin Message ---
Source: mercurial
Source-Version: 2.2.2-4+deb7u1

We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Javi Merino <[email protected]> (supplier of updated mercurial package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 06 May 2015 08:09:26 +0100
Source: mercurial
Binary: mercurial-common mercurial
Architecture: source all amd64
Version: 2.2.2-4+deb7u1
Distribution: wheezy-security
Urgency: high
Maintainer: Python Applications Packaging Team <[email protected]>
Changed-By: Javi Merino <[email protected]>
Description: 
 mercurial  - easy-to-use, scalable distributed version control system
 mercurial-common - easy-to-use, scalable distributed version control system (common
Closes: 783237
Changes: 
 mercurial (2.2.2-4+deb7u1) wheezy-security; urgency=high
 .
   * Fix "CVE-2014-9462" by adding patch
     from_upstream__sshpeer_more_thorough_shell_quoting.patch (Closes:
     #783237)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----

--- End Message ---
