Your message dated Thu, 27 Mar 2025 00:32:24 +0000
with message-id <e1txbaw-00ajgd...@fasolo.debian.org>
and subject line Bug#1100899: fixed in mercurial 6.3.2-1+deb12u1
has caused the Debian Bug report #1100899,
regarding mercurial: reflected XSS in hgweb (CVE-2025-2361)
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1100899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: mercurial
Version: 0.9.2-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
X-Debbugs-Cc: jcris...@debian.org, Debian Security Team <t...@security.debian.org>
Refs:
https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html
https://www.cve.org/CVERecord?id=CVE-2025-2361
Cheers,
Julien
--- End Message ---
--- Begin Message ---
Source: mercurial
Source-Version: 6.3.2-1+deb12u1
Done: Julien Cristau <jcris...@debian.org>
We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1100...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Julien Cristau <jcris...@debian.org> (supplier of updated mercurial package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Mar 2025 13:56:44 +0100
Source: mercurial
Architecture: source
Version: 6.3.2-1+deb12u1
Distribution: bookworm-security
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Julien Cristau <jcris...@debian.org>
Closes: 1100899
Changes:
mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high
.
* CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
* patchbomb: don't test ambiguous address (fixes FTBFS after python's
fix for CVE-2023-27043).
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
--- End Message ---