Slackware64-13.1 ChangeLog (2016-05-02)

Mon May 2 19:42:54 UTC 2016

  • patches/packages/mercurial-3.8.1-x86_64-1_slack13.1.txz
    This update fixes possible arbitrary code execution when converting Git
    repos. Mercurial prior to 3.8 allowed arbitrary code execution when using
    the convert extension on Git repos with hostile names. This could affect
    automated code conversion services that allow arbitrary repository names.
    This is a further side-effect of Git CVE-2015-7545.
    Reported and fixed by Blake Burkhart.
    For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
    (* Security fix *)
  • news/2016/05/02/slackware64-13.1-changelog.txt
  • Last modified: 4 years ago
  • by Giuseppe Di Terlizzi