On Fri, Oct 3, 2008 at 3:15 PM, Vincent Danjean <[EMAIL PROTECTED]> wrote:
> Hint: if anyone can point me to a specific changeset to fix the second
> security bug fixed in 1.0.2 ("Mercurial before 1.0.2 does not enforce the
> allowpull permission"), I will backport it to 1.0.1 in the next Debian
> release (see http://bugs.debian.org/500781 )

Maybe this one:

changeset:   6465:8542fac26f63
user:        Benoit Boissinot <[EMAIL PROTECTED]>
date:        Mon May 26 14:20:26 2008 +0200
summary:     hgweb: correctly validate permissions with streamclone pulling

regards,

Benoit