Package: mercurial
Version: 3.1.2-1
Severity: important
Tags: security upstream

CVE-2014-9390[0][1] is a security vulnerability that affects mercurial
repositories in a case-sensitive filesystem (e.g. VFAT or HFS+). It allows for
remote code execution of a specially crafted repository. This is less severe
for the average Debian installation as they are usually set up with
case-insensitive filesystems.

[0] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9390
[1] https://security-tracker.debian.org/tracker/CVE-2014-9390

This affects both Wheezy and Jessie.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=es_ES.UTF-8, LC_CTYPE=es_ES.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages mercurial depends on:
ii  libc6             2.19-13
ii  mercurial-common  3.1.2-1
ii  python            2.7.8-2
ii  ucf               3.0030

Versions of packages mercurial recommends:
ii  openssh-client  1:6.7p1-3

Versions of packages mercurial suggests:
pn  kdiff3 | kdiff3-qt | kompare | meld | tkcvs | mgdiff  <none>
pn  qct                                                   <none>

-- no debconf information

