Security update needed for mercurial

Andy Moreton
Tue Apr 19 18:22:00 GMT 2016

On Sat 02 Apr 2016, Andy Moreton wrote:

> Hi,
> The current package is for mercurial 3.5.1, but upstream have released
> 3.7.3 as a security release, with fixes for:
> CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
> Release announcement is here:
> Can the cygwin mercurial maintainer please issue an updated package.

Is the mercurial maintainer still reading the list ?


Problem reports:
Unsubscribe info:

More information about the Cygwin mailing list