[continued from previous message]

-------------------------------------------------------------------------<br>
Debian Security Advisory DSA-3257-1 <a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a><br>
<a moz-do-not-send="true"
href="http://www.debian.org/security/" target="_blank">http://www.debian.org/security/</a>
Salvatore Bonaccorso<br>
May 11, 2015 <a moz-do-not-send="true"
href="http://www.debian.org/security/faq"
target="_blank">http://www.debian.org/security/faq</a><br>
- -------------------------------------------------------------------------<br>
<br>
Package : mercurial<br>
CVE ID : CVE-2014-9462<br>
Debian Bug : 783237<br>
<br>
Jesse Hertz of Matasano Security discovered that
Mercurial, a<br>
distributed version control system, is prone to a
command injection<br>
vulnerability via a crafted repository name in a clone
command.<br>
<br>
For the oldstable distribution (wheezy), this problem
has been fixed in<br>
version 2.2.2-4+deb7u1. This update also includes a fix
for<br>
CVE-2014-9390 previously scheduled for the next wheezy
point release.<br>
<br>
For the stable distribution (jessie), this problem has
been fixed in<br>
version 3.1.2-2+deb8u1.<br>
<br>
For the unstable distribution (sid), this problem has
been fixed in<br>
version 3.4-1.<br>
<br>
We recommend that you upgrade your mercurial packages.<br>
<br>
Further information about Debian Security Advisories,
how to apply<br>
these updates to your system and frequently asked
questions can be<br>
found at: <a moz-do-not-send="true"
href="https://www.debian.org/security/"
target="_blank">https://www.debian.org/security/</a><br>
<br>
Mailing list: <a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a><br>
-----BEGIN PGP SIGNATURE-----<br>
Version: GnuPG v1<br>
<br> iQIcBAEBCgAGBQJVUQtdAAoJEAVMuPMTQ89EQDcP/2qNgRl1fhhTTuzQUpTSutuF<br> 8tauTnYT3xuu3PB6aXDWEqFTmmKxUQQiOyVxTWeqeF7jWs7Wu0naTBrs+tKvC4b2<br> lxy8AC5asTNmPdxUeJMqsUonHvkFEBqGQnomhOwb/qB2oEMgO3vGCrrEs7IFGZ9r<br> Z+yi91ZbnzMXrH1t2cAGYRmilhquhLg0OEp4hjFhiEZor9GS+Ejdb+g2r/Ug5YFx<br> bQUsMwJ8ww5r8WjFkTybwAT9iORR2uD6QyyzT11w/F9nXmCZEcurCN+xJKtkyTLW<br> 7ImSrFuhcUbCYSSf9JYiY69SeojBXFkGD8maxjZG8avqzEiKqmxIODUVEn4qO5HD<br> bSBS/aG6oHD9Sw4pGAtrR2WlOucPf4UOnBxB2ztYrLgMrSE9uMBdceMK8ts2hIrP<br> e8AojdicvaJZ2q0BBWCo8BSsWpwwN4bgDnWj3d6r63cWWQM/6b6ZSA2NlQsAs0V1<br> oIVCpiUWZImc8I6GKpp3cQM69ECIIgH2+tr7gimsUlTzObP3heGqEqjrA60KAAdl<br> pe6vZClklSyhF1lOqW/p2SSLDcNWZ/ht/0bP223an1yXzwbVi8t/qRXGfggHi+cr<br> QXEhw2LSRBhQ+894iznWPXHmBdYqKu+hC/yMD+D0B5W64PSRtDxjfMoJi562pNWZ<br>
zifFdMx9P3uOVEHG+d+V<br>
=jXXY<br>
-----END PGP SIGNATURE-----<br>
<br>
<br>
--<br>
To UNSUBSCRIBE, email to
<a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a><br>
with a subject of "unsubscribe". Trouble? Contact
<a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a><br>
Archive: <a moz-do-not-send="true"
href="https://lists.debian.org/[email protected]"
target="_blank">https://lists.debian.org/[email protected]</a><br>
 </div>
</div>
</div>
</div>
</div>
-- To UNSUBSCRIBE, email to
<a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a>
with a subject of "unsubscribe". Trouble? Contact
<a class="moz-txt-link-abbreviated" href="mailto:[email protected]">[email protected]</a>
Archive:
<a class="moz-txt-link-freetext" href="https://lists.debian.org/trinity-e0570acb-0124-40c7-8393-ac79e4b864d3-1431376383081@3capp-gmx-bs16">https://lists.debian.org/trinity-e0570acb-0124-40c7-8393-ac79e4b864d3-1431376383081@3capp-gmx-bs16</a></blockquote>
<br>
</body>
</html>

--- SoupGate-Win32 v1.05
* Origin: you cannot sedate... all the things you hate (1:229/2)