Mercurial has released version 4.3 on August 10, fixing two security issues:
https://www.mercurial-scm.org/wiki/WhatsNew

There's also a 4.3.1, apparently released today, already in Cauldron.

The announcement was here:
https://www.mercurial-scm.org/pipermail/mercurial/2017-August/050522.html

Mageia 5 is probably also affected.
mercurial-4.1.3-1.1.mga6 is in testing

Suggested advisory:
========================

Updated mercurial packages fix security vulnerabilities:

Mercurial was not sanitizing hostnames passed to ssh, allowing shell injection attacks by specifying a hostname starting with -oProxyCommand.

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000116
https://www.mercurial-scm.org/pipermail/mercurial/2017-August/050522.html

Updated packages in core/updates_testing:
========================
mercurial-4.1.3-1.1.mga6

from mercurial-4.1.3-1.1.mga6.src.rpm

Mageia 5 is probably also affected, but it is a very old version with a lot of patches; I haven't found time yet to do the backport.

CVE: (none) => CVE-2017-1000115 CVE-2017-1000116
Assignee: makowski.mageia => qa-bugs
CC: (none) => makowski.mageia
Blocks: (none) => 21510
Whiteboard: (none) => advisory
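
Added example, not part of the original report and not Mercurial's own code: a Python sketch of the class of check the suggested advisory describes, refusing an ssh:// URL whose host or user would be read by ssh as an option. The function names are hypothetical, the URLs are constructed, and IPv6 literals are assumed out of scope (they are rejected rather than parsed).

```python
from urllib.parse import unquote, urlsplit


class UnsafeSSHTarget(ValueError):
    """Raised when a URL component could be parsed by ssh as an option."""


def _checked(label, value):
    # Decode first: a percent-encoded "%2D" is still a leading dash once
    # it reaches the ssh command line.
    decoded = unquote(value)
    if not decoded or decoded.startswith("-"):
        raise UnsafeSSHTarget(f"refusing ssh {label} {decoded!r}")
    return decoded


def build_ssh_argv(url, remote_command):
    """Return an argv list for ssh, or raise UnsafeSSHTarget."""
    parts = urlsplit(url)
    if parts.scheme != "ssh":
        raise UnsafeSSHTarget(f"not an ssh URL: {url!r}")
    userinfo, _, hostport = parts.netloc.rpartition("@")
    host, _, port = hostport.partition(":")
    argv = ["ssh"]
    if port:
        if not port.isdigit():
            raise UnsafeSSHTarget(f"non-numeric port {port!r}")
        argv += ["-p", port]
    if userinfo:
        argv += ["-l", _checked("user", userinfo)]
    # "--" marks the end of options for ssh, as defence in depth on top of
    # the leading-dash check. The result is an argv list meant for
    # subprocess without shell=True, so no shell re-parses these strings.
    argv += ["--", _checked("host", host), remote_command]
    return argv


def is_safe_ssh_url(url):
    """True if build_ssh_argv accepts the URL (constructed helper)."""
    try:
        build_ssh_argv(url, "true")
    except UnsafeSSHTarget:
        return False
    return True
```
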
Did a quick test on Mageia 6 x86_64 showing that basic functionality works: $ hg config --edit // set username/email for commits $ hg clone https://bitbucket.org/jthlim/pvrtccompressor $ cd pvrtccompressor $ nano BitScale.cpp // removed some random stuff $ hg diff diff -r cf7177748ee0 BitScale.cpp --- a/BitScale.cpp Thu Jan 08 18:37:52 2015 +0800 +++ b/BitScale.cpp Sat Aug 19 11:30:09 2017 +0200 @@ -1,9 +1,5 @@ #include "BitScale.h" -#ifdef _WIN32 -#define constexpr const -#endif - constexpr uint8_t Javelin::Data::BITSCALE_5_TO_8[32] = { 0, 8, 16, 24, 32, 41, 49, 57, 65, 74, 82, 90, 98, 106, 115, 123, 131, 139, 148, 156, $ hg commit -m 'Who cares about Windows anyway?' $ hg log | head -n 5 changeset: 19:3713a9f687fb tag: tip user: Rémi Verschelde <akien@mageia.org> date: Sat Aug 19 11:31:32 2017 +0200 summary: Who cares about Windows anyway?
Whiteboard: advisory => advisory has_procedure MGA6-64-OK
Validating.
CC: (none) => sysadmin-bugs
Keywords: (none) => validated_update
An update for this issue has been pushed to the Mageia Updates repository. http://advisories.mageia.org/MGASA-2017-0282.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED