SUSE has issued an advisory on October 25:
http://lists.suse.com/pipermail/sle-security-updates/2018-October/004788.html

The issue is fixed upstream in 4.7.2.

Mageia 6 is also affected.
Assigning to the registered maintainer. CC'ing Shlomi, who pushed mercurial several times, because I don't remember having seen Philippe since August 25. I hope you're fine, Philippe!
Assignee: bugsquad => makowski.mageia
CC: (none) => marja11, shlomif
openSUSE has issued an advisory for this on October 27:
https://lists.opensuse.org/opensuse-updates/2018-10/msg00212.html
Submitted mercurial 4.7.2 to mga6 core/updates_testing.
Version: Cauldron => 6
Advisory:
========================

Updated mercurial packages fix security vulnerability:

An out-of-bounds read during parsing of a malformed manifest entry (CVE-2018-17983).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17983
https://lists.opensuse.org/opensuse-updates/2018-10/msg00212.html
========================

Updated packages in core/updates_testing:
========================
mercurial-4.7.2-1.mga6

from mercurial-4.7.2-1.mga6.src.rpm
Assignee: makowski.mageia => qa-bugs
Installed and tested without issues.

Tests included init, clone, pull, push, status, commit, update, log, etc. Tested on several repositories, remote and local.

System: Mageia 6, x86_64, Intel CPU.

$ uname -a
Linux marte 4.14.78-desktop-1.mga6 #1 SMP Sun Oct 21 20:31:12 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux
$ rpm -q mercurial
mercurial-4.7.2-1.mga6
Whiteboard: (none) => MGA6-64-OK
CC: (none) => mageia
MGA6-32 MATE on IBM Thinkpad R50e

No installation issues.

Made tests as per bug 22895 Comment 5 and Comment 7, all worked OK.
CC: (none) => herman.viaene
Whiteboard: MGA6-64-OK => MGA6-64-OK MGA6-32-OK
Validating. Advisory in Comment 4.
Keywords: (none) => validated_update
CC: (none) => andrewsfarm, sysadmin-bugs
Advisoried from comment4.
Keywords: (none) => advisory
CC: (none) => lewyssmith
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2018-0442.html
Resolution: (none) => FIXED
Status: NEW => RESOLVED