[slackware-security] mercurial

New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.

Here are the details from the Slackware 14.1 ChangeLog:

patches/packages/mercurial-3.8.1-i486-1_slack14.1.txz: Upgraded.
This update fixes possible arbitrary code execution when converting Git
repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
the convert extension on Git repos with hostile names. This could affect
automated code conversion services that allow arbitrary repository names.
This is a further side-effect of Git CVE-2015-7545.
Reported and fixed by Blake Burkhart.
For more information, see:
https://vulners.com/cve/CVE-2016-3105
(* Security fix *)

Where to find the new packages:

Thanks to the friendly folks at the OSU Open Source Lab
(http://osuosl.org) for donating FTP and rsync hosting
to the Slackware project! :-)

Also see the “Get Slack” section on http://slackware.com for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mercurial-3.8.1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mercurial-3.8.1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mercurial-3.8.1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mercurial-3.8.1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mercurial-3.8.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mercurial-3.8.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/mercurial-3.8.1-i486-1_slack14.0.txz

Updated package for Slackware x86_64 14.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/mercurial-3.8.1-x86_64-1_slack14.0.txz

Updated package for Slackware 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/mercurial-3.8.1-i486-1_slack14.1.txz

Updated package for Slackware x86_64 14.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/mercurial-3.8.1-x86_64-1_slack14.1.txz

Updated package for Slackware -current:
ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/d/mercurial-3.8.1-i586-1.txz

Updated package for Slackware x86_64 -current:
ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/d/mercurial-3.8.1-x86_64-1.txz

MD5 signatures:

Slackware 13.0 package:
a44e5b6d99cc72397c08132c3b791d4e mercurial-3.8.1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
949d71ec712d3fd38bee44c36b0c2531 mercurial-3.8.1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
19af9c3f3f9e9a0fdd2d610400782a25 mercurial-3.8.1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
811c32ad2ab4538b3c492c12860afecc mercurial-3.8.1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
41ad0aa802b4395122967052185295b5 mercurial-3.8.1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
92d5a5988c2ab0d35e4d28ec930f4250 mercurial-3.8.1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
cffee097bf970ac62ae28fc61d2797f6 mercurial-3.8.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
fb70f773a7d0cb9a531ad48e9d2b2a92 mercurial-3.8.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
0cb96e41c4e305c23396a9b297153510 mercurial-3.8.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
6cd5f796f498083e1373bcb70863c2a9 mercurial-3.8.1-x86_64-1_slack14.1.txz

Slackware -current package:
0a3fb4b778f62811437ae888b3eddc3b d/mercurial-3.8.1-i586-1.txz

Slackware x86_64 -current package:
3ea801244a2d407ca83eeb19ae4cd46b d/mercurial-3.8.1-x86_64-1.txz

Installation instructions:

Upgrade the package as root:
> upgradepkg mercurial-3.8.1-i486-1_slack14.1.txz