Mercurial 4.3 and 4.2.3 released

2017-08-10 Thread Augie Fackler
Moments ago, I released Mercurial 4.3 and 4.2.3. Please patch *immediately*:

CVE-2017-1000115: Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.

CVE-2017-1000116: Mercurial was not sanitizing hostnames passed to ssh, allowing

Re: Mercurial 4.3 and 4.2.3 released

2017-08-10 Thread Augie Fackler
> On Aug 10, 2017, at 14:09, Augie Fackler wrote:
>
> Moments ago, I released Mercurial 4.3 and 4.2.3. Please patch *immediately*:

Update: the release script misfired and 4.2.3 is wrong - I'll fix it shortly.

> CVE-2017-1000115:
>
> Mercurial's symlink auditing was incomplete prior to 4.3,

Re: Mercurial 4.3 and 4.2.3 released

2017-08-10 Thread Augie Fackler
> On Aug 10, 2017, at 14:11, Augie Fackler wrote:
>
>> On Aug 10, 2017, at 14:09, Augie Fackler wrote:
>>
>> Moments ago, I released Mercurial 4.3 and 4.2.3. Please patch *immediately*:
>
> Update: the release script misfired and 4.2.3 is wrong - I'll fix it shortly.

4.2.3 is now correctly

Re: Mercurial 4.3 and 4.2.3 released

2017-08-10 Thread Augie Fackler
> On Aug 10, 2017, at 14:25, Augie Fackler wrote:
>
>> On Aug 10, 2017, at 14:11, Augie Fackler wrote:
>>
>>> On Aug 10, 2017, at 14:09, Augie Fackler wrote:
>>>
>>> Moments ago, I released Mercurial 4.3 and 4.2.3. Please patch