Slackware-13.37 ChangeLog (2016-05-02)
Mon May 2 19:42:54 UTC 2016
Packages
Upgraded
- patches/packages/mercurial-3.8.1-i486-1_slack13.37.txz
This update fixes possible arbitrary code execution when converting Git
repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
the convert extension on Git repos with hostile names. This could affect
automated code conversion services that allow arbitrary repository names.
This is a further side-effect of Git CVE-2015-7545.
Reported and fixed by Blake Burkhart.
For more information, see:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
(* Security fix *)