oss-sec mailing list archives
Re: CVE Request (mercurial)
From: Christian Hoffmann <hoffie () gentoo org>
Date: Mon, 29 Sep 2008 17:12:10 +0200
On 2008-09-29 16:13, Ludwig Nussel wrote:
Josh Bressers wrote:Looks like there's one more flaw in Mercurial we missed: http://www.selenic.com/mercurial/wiki/index.cgi/WhatsNew#head-905b8adb3420a77d92617e06590055bd8952e02b * hgweb: fix "allowpull" permission being ignored when pulling from hgwebDid anyone assign a CVE number for this issue yet?
Looks like CVE-2008-4297 [1] has been assigned to this issue, at least our bug [2] mentions it and the description matches. ;o) [1] http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4297 [2] https://bugs.gentoo.org/show_bug.cgi?id=239055 -- Christian Hoffmann
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE Request (mercurial) Josh Bressers (Sep 17)
- Re: CVE Request (mercurial) Ludwig Nussel (Sep 29)
- Re: CVE Request (mercurial) Robert Buchholz (Sep 29)
- Re: CVE Request (mercurial) Christian Hoffmann (Sep 29)
- Re: CVE Request (mercurial) Ludwig Nussel (Sep 29)