• Bug#1100899: mercurial: reflected XSS in hgweb (CVE-2025-2361)

    From Julien Cristau@21:1/5 to All on Thu Mar 20 10:40:05 2025
    Package: mercurial
    Version: 0.9.2-1
    Severity: grave
    Tags: security upstream fixed-upstream
    Justification: user security hole
    X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

    Refs: https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html
    https://www.cve.org/CVERecord?id=CVE-2025-2361

    Cheers,
    Julien

  • From Debian Bug Tracking System@21:1/5 to All on Thu Mar 20 11:00:01 2025
    Your message dated Thu, 20 Mar 2025 09:50:48 +0000
    with message-id <[email protected]>
    and subject line Bug#1100899: fixed in mercurial 6.9.4-1
    has caused the Debian Bug report #1100899,
    regarding mercurial: reflected XSS in hgweb (CVE-2025-2361)
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1100899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
    Debian Bug Tracking System
    Contact [email protected] with problems

  • From Debian Bug Tracking System@21:1/5 to All on Thu Mar 27 01:40:01 2025
    Your message dated Thu, 27 Mar 2025 00:32:24 +0000
    with message-id <[email protected]>
    and subject line Bug#1100899: fixed in mercurial 6.3.2-1+deb12u1
    has caused the Debian Bug report #1100899,
    regarding mercurial: reflected XSS in hgweb (CVE-2025-2361)
    to be marked as done.

    This means that you claim that the problem has been dealt with.
    If this is not the case it is now your responsibility to reopen the
    Bug report if necessary, and/or fix the problem forthwith.

    (NB: If you are a system administrator and have no idea what this
    message is talking about, this may indicate a serious mail system
    misconfiguration somewhere. Please contact [email protected]
    immediately.)


    --
    1100899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
    Debian Bug Tracking System
    Contact [email protected] with problems
