On Thursday, 2017-08-10 14:11:52 -0400, you wrote:

> ...
> > CVE-2017-1000115:
> > 
> > Mercurial's symlink auditing was incomplete prior to 4.3, and could be 
> > abused to write to files outside the repository.

What precisely does that mean?  Is it no longer possible to have a vers-
ion controlled  symbolic link somewhere  in the working directory  which
points to some place  outside the Mercurial repository?   Some of my re-
positories heavily depend on this :-(

I searched the web for "CVE-2017-1000115",  but found neither a detailed
description of the problem nor of the solution.

Anybody caring to shed some light on this?

Mercurial-devel mailing list

Reply via email to