projects / mercurial.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: 57ab725 0774d02)
mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high
authorJulien Cristau <jcristau@debian.org>
Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)
committerJulien Cristau <jcristau@debian.org>
Thu, 20 Mar 2025 12:56:44 +0000 (13:56 +0100)
commit1f34df4cb4714888b44dec46a4a9e95e2270f095
tree7e9699c6a1d3babf7bf96feffd0387e1527e7e9dtree | snapshot
parent57ab725847d1100b33b83f759cde6c4b8a1b40b7commit | diff
parent0774d02505f9757d3c8cdb68996e798952da38cccommit | diff
mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high

  * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
  * patchbomb: don't test ambiguous address (fixes FTBFS after python's
    fix for CVE-2023-27043).

[dgit import unpatched mercurial 6.3.2-1+deb12u1]
44 files changed:
debian/NEWS | | blob
debian/README.Debian | | blob
debian/README.source | | blob
debian/cacerts.rc | | blob
debian/changelog | | blob
debian/control | | blob
debian/copyright | | blob
debian/gbp.conf | | blob
debian/hgext.rc | | blob
debian/hgext.rc.md5sums | | blob
debian/hgrc | | blob
debian/mercurial-common.bash-completion | | blob
debian/mercurial-common.dirs | | blob
debian/mercurial-common.examples | | blob
debian/mercurial-common.install | | blob
debian/mercurial-common.maintscript | | blob
debian/mercurial-common.postinst | | blob
debian/mercurial.dirs | | blob
debian/mercurial.install | | blob
debian/mercurial.links | | blob
debian/mercurial.postinst | | blob
debian/mercurial.postrm | | blob
debian/mercurial.test_blacklist | | blob
debian/patches/0005-Tolerate-SIGINT-getting-the-kill-in-test-stdio.py.patch | | blob
debian/patches/CVE-2025-2361.patch | | blob
debian/patches/cgitb.patch | | blob
debian/patches/deb_specific__disable_libdir_replacement.patch | | blob
debian/patches/deb_specific__hgk.py.patch | | blob
debian/patches/deb_specific__optional-dependencies | | blob
debian/patches/from_upstream_stable.patch | | blob
debian/patches/openssl_3_cipher_tlsv1.patch | | blob
debian/patches/patchbomb-ambiguous-address.patch | | blob
debian/patches/proposed_upstream__doctest.path | | blob
debian/patches/py310/9_tests__silence_asyncore_smtpd_deprecation_warnings.patch | | blob
debian/patches/series | | blob
debian/patches/test-hghave-testrepo.patch | | blob
debian/rules | | blob
debian/source/format | | blob
debian/tests/control | | blob
debian/tests/hgsubversion | | blob
debian/tests/mercurial-git | | blob
debian/tests/testsuite | | blob
debian/upstream/signing-key.asc | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.