projects / mercurial.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(merge: d2a76f0 95b60ec)
mercurial (5.6.1-4+deb11u1) bullseye-security; urgency=medium
authorAndreas Henriksson <andreas@fatal.se>
Thu, 27 Mar 2025 18:23:02 +0000 (19:23 +0100)
committerAndreas Henriksson <andreas@fatal.se>
Thu, 27 Mar 2025 18:23:02 +0000 (19:23 +0100)
commit83273cc1e86ef5f68c81f4f5d1165be1718e7abf
tree0ec0554a44f1b9e23b9a3e76d34c208560c571cbtree | snapshot
parentd2a76f041ad71c480e191d3905f1189e5cbee268commit | diff
parent95b60ec6597ec84358bb5fbbb97e7d8f76cee85dcommit | diff
mercurial (5.6.1-4+deb11u1) bullseye-security; urgency=medium

  * Non-maintainer upload by the Debian LTS Security Team.

  [ Andreas Henriksson ]
  * Cherry-pick and massage bookworm (stable) patches by jcristau to apply
    on bullseye version of the package.

  [ Julien Cristau ]
  * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
  * patchbomb: don't test ambiguous address
    (fixes FTBFS after python's fix for CVE-2023-27043).

[dgit import unpatched mercurial 5.6.1-4+deb11u1]
43 files changed:
debian/NEWS | | blob
debian/README.Debian | | blob
debian/README.source | | blob
debian/cacerts.rc | | blob
debian/changelog | | blob
debian/control | | blob
debian/copyright | | blob
debian/gbp.conf | | blob
debian/hg-ssh.8 | | blob
debian/hgext.rc | | blob
debian/hgext.rc.md5sums | | blob
debian/hgrc | | blob
debian/mercurial-common.bash-completion | | blob
debian/mercurial-common.dirs | | blob
debian/mercurial-common.examples | | blob
debian/mercurial-common.install | | blob
debian/mercurial-common.maintscript | | blob
debian/mercurial-common.manpages | | blob
debian/mercurial-common.postinst | | blob
debian/mercurial.dirs | | blob
debian/mercurial.install | | blob
debian/mercurial.links | | blob
debian/mercurial.postinst | | blob
debian/mercurial.postrm | | blob
debian/mercurial.test_blacklist | | blob
debian/patches/0005-Tolerate-SIGINT-getting-the-kill-in-test-stdio.py.patch | | blob
debian/patches/CVE-2025-2361.patch | | blob
debian/patches/deb_specific__disable_libdir_replacement.patch | | blob
debian/patches/deb_specific__hgk.py.patch | | blob
debian/patches/deb_specific__optional-dependencies | | blob
debian/patches/from_upstream-test-subrepo-new-git.patch | | blob
debian/patches/patchbomb-ambiguous-address.patch | | blob
debian/patches/proposed_upstream__doctest.path | | blob
debian/patches/python-3.9.2.patch | | blob
debian/patches/series | | blob
debian/rules | | blob
debian/source/format | | blob
debian/tests/control | | blob
debian/tests/hgsubversion | | blob
debian/tests/mercurial-git | | blob
debian/tests/testsuite | | blob
debian/upstream/signing-key.asc | | blob
debian/watch | | blob
Unnamed repository; edit this file 'description' to name the repository.