1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200807-09 / mercurial |
| Release Date | July 15, 2008 |
| Latest Revision | July 15, 2008: 01 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| dev-util/mercurial | < 1.0.1-r2 | >= 1.0.1-r2 | All supported architectures |
Related bug reports: #230193
A directory traversal vulnerability in Mercurial allows for the renaming of arbitrary files.
Mercurial is a distributed Source Control Management system.
Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file.
A remote attacker could entice a user to import a specially crafted patch, possibly resulting in the renaming of arbitrary files, even outside the repository.
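The containment check that prevents this class of directory traversal, shown as an added example (not code from the advisory, from Mercurial, or from its fix): every path a patch asks to rename or copy is resolved against the repository root and rejected if it lands outside. It assumes the patch uses git-style extended headers (`rename from`, `rename to`, `copy from`, `copy to`); the function names and the sample patch are constructed for illustration.

```python
import os
import re

# Git extended-diff headers naming a path the importer will rename or copy.
# Assumption: the patch uses these headers; quoted paths are not decoded here.
HEADER = re.compile(r"^(rename|copy) (from|to) (.+)$")

def escapes_repo(root, path):
    """True if a patch-supplied path resolves outside the repository root."""
    root = os.path.realpath(root)
    # join() discards root for absolute paths; realpath() collapses ".."
    # and follows symlinks that already exist in the working copy.
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) != root

def unsafe_patch_paths(root, patch_text):
    """Return (line_no, header, path) for each rename/copy path that escapes."""
    findings = []
    for line_no, line in enumerate(patch_text.splitlines(), 1):
        m = HEADER.match(line)
        if m and escapes_repo(root, m.group(3)):
            findings.append((line_no, m.group(1) + " " + m.group(2), m.group(3)))
    return findings

# Constructed sample patch headers (hunks omitted); not taken from the advisory.
SAMPLE_PATCH = "\n".join([
    "diff --git a/docs/old.txt b/docs/new.txt",
    "rename from docs/old.txt",
    "rename to docs/new.txt",
    "diff --git a/notes.txt b/notes.txt",
    "rename from ../../outside/target.conf",
    "rename to notes.txt",
])

if __name__ == "__main__":
    import tempfile
    repo = tempfile.mkdtemp()  # stand-in for a working copy
    for line_no, header, path in unsafe_patch_paths(repo, SAMPLE_PATCH):
        print("line %d: '%s' path leaves the repository: %s" % (line_no, header, path))
```

Run against a patch before importing it, a non-empty result means the patch should not be applied as-is.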
There is no known workaround at this time.
All Mercurial users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=dev-util/mercurial-1.0.1-r2"