Updated package needed for mercurial 3.7.3 security update

Andy Moreton andrewjmoreton@gmail.com
Sat Apr 2 17:52:00 GMT 2016


Hi,

The current package is for mercurial 3.5.1, but upstream have released
3.7.3 as a security release, with fixes for:

CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos

Release announcement is here:
http://permalink.gmane.org/gmane.comp.version-control.mercurial.general/37523

Can the cygwin mercurial maintainer please issue an updated package.

Thanks,

    AndyM


--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple



More information about the Cygwin mailing list