[oe] [meta-oe][PATCH] mercurial: Upgrade to 4.4.1
Paul Barker
pbarker at toganlabs.com
Thu Nov 9 14:14:01 UTC 2017
On Thu, Nov 9, 2017 at 6:20 AM, Zhixiong Chi <zhixiong.chi at windriver.com> wrote:
> * Upgrade to the latest release to fix some CVEs:
> - CVE-2017-1000115: missing symlink check that can malicious repositories
> to modify files outside the repository
> - CVE-2017-1000116: did not adequately sanitize hostnames passed to ssh,
> leading to possible shell-injection attacks.
>
> * For other changes please see: https://www.mercurial-scm.org/wiki/WhatsNew
>
> * Update SRC_URI with the new download link
>
> Signed-off-by: Zhixiong Chi <zhixiong.chi at windriver.com>
I sent a similar patch a few days ago which is already staged here:
http://git.openembedded.org/meta-openembedded-contrib/log/?h=jansa/master
Thanks,
--
Paul Barker
Togán Labs Ltd
More information about the Openembedded-devel
mailing list