Posted: Tue Jul 15, 2008 10:26 pm Post subject: [ GLSA 200807-09 ] Mercurial: Directory traversal
Gentoo Linux Security Advisory
Title: Mercurial: Directory traversal (GLSA 200807-09)
Date: July 15, 2008
A directory traversal vulnerability in Mercurial allows for the renaming of
Mercurial is a distributed Source Control Management system.
Vulnerable: < 1.0.1-r2
Unaffected: >= 1.0.1-r2
Architectures: All supported architectures
Jakub Wilk discovered a directory traversal vulnerability in the
applydiff() function in the mercurial/patch.py file.
A remote attacker could entice a user to import a specially crafted
patch, possibly resulting in the renaming of arbitrary files, even
outside the repository.
There is no known workaround at this time.
All Mercurial users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=dev-util/mercurial-1.0.1-r2"
Last edited by GLSA on Sat Nov 06, 2010 4:26 am; edited 4 times in total
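
A pre-import check for the kind of issue the advisory describes, as an added example (not Mercurial's code and not the upstream fix): it collects the file paths a patch names and flags any that resolve outside the repository root. The function names and the sample patch are constructed for illustration.

```python
import os
import re

# Patch header lines that name a file the patch will touch (unified and git-style).
_PATH_HEADER = re.compile(
    r"^(?:rename from|rename to|copy from|copy to|---|\+\+\+) (.+)$")

def escapes_root(root, relpath):
    """Return True if relpath, resolved against root, lands outside root."""
    root = os.path.realpath(root)
    # join() discards root when relpath is absolute; realpath() collapses ".."
    # components and follows symlinks that already exist inside the tree.
    target = os.path.realpath(os.path.join(root, relpath))
    return os.path.commonpath([root, target]) != root

def patch_paths(patch_text, strip=1):
    """Yield the paths named in patch headers, like `patch -p<strip>` sees them.

    Conservative: a hunk body line that happens to start with '--- ' or '+++ '
    is also treated as a header, which can only produce extra warnings.
    """
    for line in patch_text.splitlines():
        m = _PATH_HEADER.match(line)
        if not m:
            continue
        path = m.group(1).split("\t")[0].strip()  # drop trailing timestamp
        if path == "/dev/null":                    # marks file creation/deletion
            continue
        if line.startswith(("---", "+++")):        # these carry the a/ or b/ prefix
            parts = path.split("/", strip)
            if len(parts) > strip:
                path = parts[-1]
        yield path

def unsafe_patch_paths(root, patch_text):
    """Return every path in the patch that would fall outside root."""
    return [p for p in patch_paths(patch_text) if escapes_root(root, p)]

# Constructed sample input, not the patch from the original report.
SAMPLE_PATCH = """\
diff --git a/docs/readme.txt b/docs/readme.txt
--- a/docs/readme.txt
+++ b/docs/readme.txt
@@ -1 +1 @@
-old
+new
diff --git a/notes.txt b/../../outside/notes.txt
rename from notes.txt
rename to ../../outside/notes.txt
"""
```

Run `unsafe_patch_paths(repo_root, patch_text)` on a patch from an untrusted source before importing it; a non-empty result means the patch names a path outside the working copy.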