mercurial -- security update

2016-05-05T00:00:00
ID DSA-3570
Type debian
Reporter Debian
Modified 2016-05-05T00:00:00

Description

Blake Burkhart discovered an arbitrary code execution flaw in Mercurial, a distributed version control system, when using the convert extension on Git repositories with specially crafted names. This flaw in particular affects automated code conversion services that allow arbitrary repository names.

For the stable distribution (jessie), this problem has been fixed in version 3.1.2-2+deb8u3.

For the unstable distribution (sid), this problem has been fixed in version 3.8.1-1.

We recommend that you upgrade your mercurial packages.