oss-sec mailing list archives
CVE id request mercurial:Insufficient input validation
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Mon, 30 Jun 2008 09:47:19 +0200
Hi Moving this to oss-sec, since it is unembargoed. It is possible to touch files outside root with a maliciously crafted patch. Upstream patch: http://www.selenic.com/hg/rev/87c704ac92d4 Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE id request mercurial:Insufficient input validation Steffen Joeris (Jun 30)
- Re: CVE id request mercurial:Insufficient input validation Steven M. Christey (Jun 30)