Security update needed for mercurial (upload error: doesn't follow naming convention)
Corinna Vinschen
corinna-cygwin@cygwin.com
Wed Apr 20 17:14:00 GMT 2016
On Apr 20 19:56, Jari Aalto wrote:
> > 3.7.3 as a security release, with fixes for:
> >
> > CVE-2016-3630 Mercurial: remote code execution in binary delta decoding
> > CVE-2016-3068 Mercurial: arbitrary code execution with Git subrepos
> > CVE-2016-3069 Mercurial: arbitrary code execution when converting Git repos
>
> New release uploaded, but I got this message (x64)?
>
> ERROR: tar file 'mercurial-3.7.3.tar.gz' in package 'mercurial' doesn't follow naming convention
> ERROR: error while reading uploaded packages for Jari Aalto
Our new calm tool (courtesy Jon Turney) now checks packages for
validity. Shouldn't that be 3.7.3-1?
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://cygwin.com/pipermail/cygwin/attachments/20160420/9736c469/attachment.sig>
More information about the Cygwin
mailing list