I haven't found any clear description. A similar problem exists in git (bug 532984).
+*mercurial-3.2.3 (19 Dec 2014) + + 19 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> -mercurial-3.1.1.ebuild, + -mercurial-3.2.ebuild, +mercurial-3.2.3.ebuild: + Security bump (bug #533008). Removed old. +
Setting Whiteboard. Also reference for the vulnerability is here: http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html Maintainers, please advise when ebuilds have had enough testing, and are ready for stabilization.
Let's stabilize all of these: =dev-vcs/mercurial-2.3.2 =dev-vcs/hgsubversion-1.7 =dev-vcs/hg-git-0.7.0 (The latter two only on amd64 and x86.)
amd64 stable
x86 stable
Stable for HPPA.
ppc stable
ppc64 stable
Just to correct this to make sure: =dev-vcs/mercurial-3.2.3
ia64 stable
sparc stable
arm stable
dev-vcs/mercurial-3.2.3 stable on alpha.
Arches and Maintainer(s), Thank you for your work. New GLSA request filed.
This issue was resolved and addressed in GLSA 201612-19 at https://security.gentoo.org/glsa/201612-19 by GLSA coordinator Aaron Bauman (b-man).