mercurial: 3.7.1 -> 3.7.3 for multiple CVEs

CVE-2016-3068

    Blake Burkhart discovered that Mercurial allows URLs for Git
    subrepositories that could result in arbitrary code execution on
    clone.

CVE-2016-3069

    Blake Burkhart discovered that Mercurial allows arbitrary code
    execution when converting Git repositories with specially
    crafted names.

CVE-2016-3630

    It was discovered that Mercurial does not properly perform bounds-
    checking in its binary delta decoder, which may be exploitable for
    remote code execution via clone, push or pull.
Graham Christensen 2016-04-07 21:24:49 -05:00
parent 0db23cf75c
commit f9099deb8e

@ -3,7 +3,7 @@
, ApplicationServices, cf-private }:
let
version = "3.7.1";
version = "3.7.3";
name = "mercurial-${version}";
in
@ -12,7 +12,7 @@ stdenv.mkDerivation {
src = fetchurl {
url = "http://mercurial.selenic.com/release/${name}.tar.gz";
sha256 = "1vfgqlb8z2k1vcx2nvcianxmml79cqqqncchw6aj40sa8hgpvlwn";
sha256 = "0c2vkad9piqkggyk8y310rf619qgdfcwswnk3nv21mg2fhnw96f0";
};
inherit python; # pass it so that the same version can be used in hg2git
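Review bot: The `url` in `fetchurl` still uses plain `http://`, so the tarball for a release that fixes three code-execution CVEs is fetched over an unauthenticated channel. The pinned `sha256` makes later builds fail on a mismatching download, but it only proves the file matches what the committer fetched. Please state how the new hash was verified (for example against a checksum or signature published by upstream) and switch the URL to HTTPS if upstream serves the release that way.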