Summary: | <dev-vcs/mercurial-4.1.3: arbitrary code excecution through python debbuger | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Kristian Fiskerstrand (RETIRED) <k_f> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | critical | CC: | chrisadr, djc, polynomial-c |
Priority: | Normal | Flags: | stable-bot:
sanity-check+
|
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499 | ||
See Also: | https://bugs.debian.org/861243 | ||
Whiteboard: | C0 [glsa cve] | ||
Package list: |
dev-vcs/mercurial-4.2
|
Runtime testing required: | --- |
Bug Depends on: | 621280 | ||
Bug Blocks: |
Description
Kristian Fiskerstrand (RETIRED)
2017-06-06 19:07:58 UTC
Filed bug 621280 earlier, let's use that? (In reply to Dirkjan Ochtman from comment #1) > Filed bug 621280 earlier, let's use that? No problem using that for stabilization; updated this bug to reflect it (In reply to Dirkjan Ochtman from comment #1) > Filed bug 621280 earlier, let's use that? In general this isn't a problem. But sometimes overloaded arch teams will ignore non-security stabilization requests. I assigned the bug to security@, let's see if this will work. *** Bug 624726 has been marked as a duplicate of this bug. *** @ Arches, please continue stabilization of =dev-vcs/mercurial-4.2! arm stable GLSA Request filed. Cleanup from versions prior to 4.3 will occur in bug 627484. Gentoo Security Padawan ChrisADR This issue was resolved and addressed in GLSA 201709-18 at https://security.gentoo.org/glsa/201709-18 by GLSA coordinator Aaron Bauman (b-man). |