For tracking purposes: mercurial 4.6.1 contains security fixes as denoted in:
https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.6.1_.282018-06-06.29

1.1. Security Fixes

Multiple issues found in mpatch.c with a fuzzer:

OVE-20180430-0001
OVE-20180430-0002
OVE-20180430-0004

With the following fixes:

mpatch: be more careful about parsing binary patch data (SEC)
mpatch: protect against underflow in mpatch_apply (SEC)
mpatch: ensure fragment start isn't past the end of orig (SEC)
mpatch: fix UB in int overflows in gather() (SEC)
mpatch: fix UB integer overflows in discard() (SEC)
mpatch: avoid integer overflow in mpatch_decode (SEC)
mpatch: avoid integer overflow in combine() (SEC)

No exploits are known at the time, however, it is highly recommended that all users upgrade. No CVEs are yet assigned.

Gentoo Security Scout
Florian Schuhmacher

amd64 stable

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=092f0026101933f10427916cb9c73b90a814c699

commit 092f0026101933f10427916cb9c73b90a814c699
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-07-11 17:18:54 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-07-11 21:21:53 +0000

    dev-vcs/mercurial: stable 4.6.2 for sparc

    Bug: https://bugs.gentoo.org/658712
    Package-Manager: Portage-2.3.40, Repoman-2.3.9
    RepoMan-Options: --include-arches="sparc"

 dev-vcs/mercurial/mercurial-4.6.2.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

x86 stable
Stable on alpha.
arm stable
ia64 stable
ppc/ppc64 stable. all arches stable
Fixes are in 4.6.1. Maintainer decided to stable 4.6.2. Summary adjusted. @maintainer, HPPA is not a stable arch... if you would like to proceed with cleanup of 4.5.2.
please clean.
Maintainer(s), please drop the vulnerable version(s).

The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=a3a686e12d8c35676f4dec2250d66bc42ef70796

commit a3a686e12d8c35676f4dec2250d66bc42ef70796
Author:     Lars Wendler <polynomial-c@gentoo.org>
AuthorDate: 2019-04-17 08:12:17 +0000
Commit:     Lars Wendler <polynomial-c@gentoo.org>
CommitDate: 2019-04-17 08:12:17 +0000

    dev-vcs/mercurial: Security cleanup

    Bug: https://bugs.gentoo.org/658712
    Package-Manager: Portage-2.3.63, Repoman-2.3.12
    Signed-off-by: Lars Wendler <polynomial-c@gentoo.org>

 dev-vcs/mercurial/Manifest               |   3 -
 dev-vcs/mercurial/mercurial-4.5.2.ebuild | 137 ----------------------------
 dev-vcs/mercurial/mercurial-4.7.1.ebuild | 136 ----------------------------
 dev-vcs/mercurial/mercurial-4.8.2.ebuild | 148 -------------------------------
 4 files changed, 424 deletions(-)