Bug#1100899: marked as done (mercurial: reflected XSS in hgweb (CVE-2025-2361))

Sat, 05 Apr 2025 02:23:56 -0700 

Your message dated Thu, 20 Mar 2025 09:50:48 +0000
with message-id <e1tvcy4-00cdvf...@fasolo.debian.org>
and subject line Bug#1100899: fixed in mercurial 6.9.4-1
has caused the Debian Bug report #1100899,
regarding mercurial: reflected XSS in hgweb (CVE-2025-2361)
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1100899: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1100899
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: mercurial
Version: 0.9.2-1
Severity: grave
Tags: security upstream fixed-upstream
Justification: user security hole
X-Debbugs-Cc: jcris...@debian.org, Debian Security Team 
<t...@security.debian.org>

Refs:
https://lists.mercurial-scm.org/pipermail/mercurial-packaging/2025-March/000754.html
https://www.cve.org/CVERecord?id=CVE-2025-2361

Cheers,
Julien

--- End Message ---
--- Begin Message --- 
Source: mercurial
Source-Version: 6.9.4-1
Done: Julien Cristau <jcris...@debian.org>

We believe that the bug you reported is fixed in the latest version of
mercurial, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1100...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Julien Cristau <jcris...@debian.org> (supplier of updated mercurial package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Mar 2025 10:33:45 +0100
Source: mercurial
Architecture: source
Version: 6.9.4-1
Distribution: unstable
Urgency: high
Maintainer: Debian Python Team <team+pyt...@tracker.debian.org>
Changed-By: Julien Cristau <jcris...@debian.org>
Closes: 1100899
Changes:
 mercurial (6.9.4-1) unstable; urgency=high
 .
   * New upstream bugfix release
     - CVE-2025-2361: reflected XSS in hgweb (closes: #1100899)
Checksums-Sha1:
 1355c6c4a93e9e2bc4664ca0ee7bcd61073a2e60 2826 mercurial_6.9.4-1.dsc
 48bad60d1f06fb5fef9ac32e1889acc4d79160ad 8670112 mercurial_6.9.4.orig.tar.gz
 2ffa31610b07131cc3ccf8d5e1aad766b0314027 833 mercurial_6.9.4.orig.tar.gz.asc
 96dbb0348e0a08347352ffd6d7e9ec3b39e068f8 55532 mercurial_6.9.4-1.debian.tar.xz
Checksums-Sha256:
 1edf1b43672d6e81a58760c8bc89bc38c12fba11dce885dca8fc058f94077139 2826 
mercurial_6.9.4-1.dsc
 7ea0e839ec8345277dd19d07250b4426134dc5d6682ff880a86a2b09b4e38ecd 8670112 
mercurial_6.9.4.orig.tar.gz
 0f96414b35cee0535339cb197746704bbf5f89a97fbf8c1a5adf5f3db5fa3f84 833 
mercurial_6.9.4.orig.tar.gz.asc
 2c788dffcb23adad89d2195ed2ef49058d50ef637a3e1d2f77c53dcabdf19127 55532 
mercurial_6.9.4-1.debian.tar.xz
Files:
 ef7c5d9821bd74546333d961c1c6d3e4 2826 vcs optional mercurial_6.9.4-1.dsc
 57cc5a04f2fb8a41e90526bd18a90cc5 8670112 vcs optional 
mercurial_6.9.4.orig.tar.gz
 8fedc900f7a049a372ca858c6d151b53 833 vcs optional 
mercurial_6.9.4.orig.tar.gz.asc
 fb9fac48a0f3720b63f946a81054dc4f 55532 vcs optional 
mercurial_6.9.4-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----

iQJIBAEBCgAyFiEEVXgdqzTmGgnvuIvhnbAjVVb4z60FAmfb4YQUHGpjcmlzdGF1
QGRlYmlhbi5vcmcACgkQnbAjVVb4z62yzhAApEjaS7nWurQWuWxDbZszy0LcLsTb
7ldW4uxQeZKDLe8zpo4rtbdd2Bgi43SLLax9h0pbsnos/B05HcfJwcExb8WUqhc5
T2CxD0cNVNgCah6eQku1MUv4fWtWNMl5tkv6Qe6OX5A8GC94kyqTadrYxUHq2nar
IdH6fD1W2Sn/eIuWY8adLsy2g4u2PlQhBG1QalWuqydFNUfHMUVMnMVSa7TDfKLj
SnX82eDqnkZvhlv3+s3+0pLpI7wOrLxR+P4Gs36VskATTXKFXVayrkr1pcpyw0oh
h5tLe6gHaRSMR1xh/O7icnX2owzJ2dAHDrAUStt7dv1eBnSpcpW7wb0F2ityD6FW
rTW8lQDcrO/tdpMsiEwUmxa3EW11TuOrVYVATzz56jIBjPD3QPdG72wZKMJmgR0f
3iXlaTepzgZLPLWCFn+UcNtiz8eIOmeJcR1c1NipNOZrQAOMCHKrmPzkaw1SeeMS
36xw+DMH6f2GceA8JHZfcjTClFavk59uPIBfHudkVjs7WKZG+MzsYIJFU+y7354y
D4gSNuUMn1GQjyQpYhOpuy+Mx6l3rMWrWBV1WYHNpiXAgVh8QVeMBHuWnxtx6n5g
l4pZBMfNbwXPPd5wfF1zkONg3tcOxia9+59bqwQ5CpuLfAriv/F5lmF+6hONUXsN
DNReLpnHSnFnEdc=
=/Mqz
-----END PGP SIGNATURE-----

Attachment: pgp1XM7K0J7j0.pgp
Description: PGP signature


--- End Message ---

Reply via email to