Zhixiong Chi
|
ef316309bb
|
mercurial: CVE-2017-9462
Backport the CVE patch from
https://www.mercurial-scm.org/repo/hg/rev/77eaf9539499
"hg serve --stdio" allows remote authenticated users to launch the
Python debugger, and consequently execute arbitrary code, by using
--debugger as a repository name.
CVE: CVE-2017-9462
Signed-off-by: Zhixiong Chi <zhixiong.chi@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
2017-07-17 11:17:47 -07:00 |
|