Jakub Wilk reported:
I recently discovered that it is possible create a maliciously crafted
patch that, when imported by a victim, will rename arbitrary files, even
outside the repository.
Patch and reproducer:
mercurial-1.0.1-r2 with the linked patch is in the tree.
Arches, please test and mark stable:
Target keywords : "alpha amd64 ia64 ppc ppc64 sparc x86"
glsa vote... I vote YES.
YES too, filing request.