Date: Mon, 30 Jun 2008 09:47:19 +0200 From: Steffen Joeris <steffen.joeris@...lelinux.de> To: oss-security@...ts.openwall.com Subject: CVE id request mercurial:Insufficient input validation Hi Moving this to oss-sec, since it is unembargoed. It is possible to touch files outside root with a maliciously crafted patch. Upstream patch: http://www.selenic.com/hg/rev/87c704ac92d4 Cheers Steffen Download attachment "signature.asc " of type "application/pgp-signature" (198 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ