Recent Vulnerabilities Research Posts Trends Blog About Contact

Related Vulnerabilities: CVE-2018-1000132

Source

Debian Bug report logs - #892964
mercurial: CVE-2018-1000132

Package: src:mercurial; Maintainer for src:mercurial is Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>;

Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 14 Mar 2018 21:33:01 UTC

Severity: grave

Tags: security, upstream

Found in version mercurial/3.1.2-1

Fixed in version 4.5.2-1

Done: Julien Cristau <jcristau@debian.org>

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox

Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, team@security.debian.org, Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>:
Bug#892964; Package src:mercurial. (Wed, 14 Mar 2018 21:33:04 GMT) (full text, mbox, link).

Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, team@security.debian.org, Python Applications Packaging Team <python-apps-team@lists.alioth.debian.org>. (Wed, 14 Mar 2018 21:33:04 GMT) (full text, mbox, link).

Message #5 received at submit@bugs.debian.org (full text, mbox, reply):

Source: mercurial
Version: 3.1.2-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for mercurial.

CVE-2018-1000132[0]:
| Mercurial version 4.5 and earlier contains a Incorrect Access Control
| (CWE-285) vulnerability in Protocol server that can result in
| Unauthorized data access. This attack appear to be exploitable via
| network connectivity. This vulnerability appears to have been fixed in
| 4.5.1.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2018-1000132
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000132
[1] https://www.mercurial-scm.org/wiki/WhatsNew#Mercurial_4.5.1_.2F_4.5.2_.282018-03-06.29

Regards,
Salvatore

Reply sent to Julien Cristau <jcristau@debian.org>:
You have taken responsibility. (Wed, 21 Mar 2018 13:51:13 GMT) (full text, mbox, link).

Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 21 Mar 2018 13:51:13 GMT) (full text, mbox, link).

Message #10 received at 892964-done@bugs.debian.org (full text, mbox, reply):

Source: mercurial
Version: 4.5.2-1

Apologies for not including this in the package changelog.  The 4.5.2
release (just uploaded) includes fixes for these security bugs.

Cheers,
Julien

Send a report that this bug log contains spam.

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 17:35:23 2019; Machine Name: beach

Debian Bug tracking system

Debbugs is free software and licensed under the terms of the GNU Public License version 2. The current version can be obtained from https://bugs.debian.org/debbugs-source/.

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

mercurial: CVE-2018-1000132

Debian Bug report logs - #892964
mercurial: CVE-2018-1000132

Vulmon Search

About

Products

Connect

mercurial: CVE-2018-1000132

Debian Bug report logs - #892964 mercurial: CVE-2018-1000132

Vulmon Search

About

Products

Connect

Debian Bug report logs - #892964
mercurial: CVE-2018-1000132