Summary: | <dev-vcs/mercurial-3.2.3: vulnerability on case-insensitive file systems (CVE-2014-9390) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Dirkjan Ochtman (RETIRED) <djc> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | djc, polynomial-c, skrattaren |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://mercurial.selenic.com/wiki/WhatsNew#Mercurial_3.2.3_.282014-12-18.29 | ||
Whiteboard: | B2 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Dirkjan Ochtman (RETIRED)
2014-12-19 09:31:33 UTC
+*mercurial-3.2.3 (19 Dec 2014) + + 19 Dec 2014; Lars Wendler <polynomial-c@gentoo.org> -mercurial-3.1.1.ebuild, + -mercurial-3.2.ebuild, +mercurial-3.2.3.ebuild: + Security bump (bug #533008). Removed old. + Setting Whiteboard. Also reference for the vulnerability is here: http://git-blame.blogspot.com/2014/12/git-1856-195-205-214-and-221-and.html Maintainers, please advise when ebuilds have had enough testing, and are ready for stabilization. Let's stabilize all of these: =dev-vcs/mercurial-2.3.2 =dev-vcs/hgsubversion-1.7 =dev-vcs/hg-git-0.7.0 (The latter two only on amd64 and x86.) amd64 stable x86 stable Stable for HPPA. ppc stable ppc64 stable Just to correct this to make sure: =dev-vcs/mercurial-3.2.3 ia64 stable sparc stable arm stable dev-vcs/mercurial-3.2.3 stable on alpha. Arches and Maintainer(s), Thank you for your work. New GLSA request filed. This issue was resolved and addressed in GLSA 201612-19 at https://security.gentoo.org/glsa/201612-19 by GLSA coordinator Aaron Bauman (b-man). |