oss-sec mailing list archives

CVE Request (mercurial)

From: Josh Bressers <bressers () redhat com>
Date: Wed, 17 Sep 2008 20:38:23 -0400 (EDT)

Hi Steve,

Looks like there's one more flaw in Mercurial we missed:
http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b

* hgweb: fix "allowpull" permission being ignored when pulling from hgweb

I admit I don't completely understand it.  rPath seems to have a little more info:
https://issues.rpath.com/browse/RPL-2753

Thanks

-- 
    JB

Current thread:

CVE Request (mercurial) Josh Bressers (Sep 17)
- Re: CVE Request (mercurial) Ludwig Nussel (Sep 29)
  - Re: CVE Request (mercurial) Robert Buchholz (Sep 29)
  - Re: CVE Request (mercurial) Christian Hoffmann (Sep 29)