Red Hat Bugzilla – Bug 453550
CVE-2008-2942 mercurial: insufficient input validation allowing file renames out of repository
Last modified: 2016-03-04 07:56:24 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2942 to the following vulnerability:
Directory traversal vulnerability in patch.py in Mercurial 1.0.1
allows user-assisted attackers to modify arbitrary files via ".." (dot
dot) sequences in a patch file.
Upstream patch (+ test case):
Test case from upstream commit (the heredoc terminator was missing in the quoted copy and is restored here; the `cd inside` step is assumed, since `hg import` must run inside the freshly created repository):
echo % 'test paths outside repo root'
hg init inside
cd inside
# Feed a git-style patch whose rename source points outside the repository root;
# a fixed Mercurial must refuse it instead of touching ../outside/foo.
hg import - <<EOF
diff --git a/a b/b
rename from ../outside/foo
rename to bar
EOF
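As an added illustration of the check the description and test case call for (this is not the upstream patch or Mercurial's own code), a small Python routine that extracts the file paths named in git-style patch headers and flags any that would resolve outside the repository root; the sample patch is constructed from the test case above.

```python
import re

# Constructed sample: the upstream test case, a rename whose source escapes the root.
SAMPLE_PATCH = """diff --git a/a b/b
rename from ../outside/foo
rename to bar
"""

_DIFF_GIT = re.compile(r"^diff --git a/(\S+) b/(\S+)$")
_RENAME_COPY = re.compile(r"^(?:rename|copy) (?:from|to) (.+)$")
_OLD_NEW = re.compile(r"^(?:---|\+\+\+) [ab]/(.+)$")


def patch_paths(text):
    """Yield every repository path named in the patch's file headers."""
    for line in text.splitlines():
        m = _DIFF_GIT.match(line)
        if m:
            yield m.group(1)
            yield m.group(2)
            continue
        m = _RENAME_COPY.match(line) or _OLD_NEW.match(line)
        if m:
            yield m.group(1)


def path_escapes_root(path):
    """True if `path` is absolute or climbs above the repository root.

    Walks the components keeping a depth counter; any '..' that drives the
    depth below zero leaves the root. Note this is purely lexical: a component
    that is a symlink pointing outside the repository is a separate concern
    that must be checked against the working directory at apply time.
    """
    if path.startswith(("/", "\\")):
        return True
    depth = 0
    for part in path.replace("\\", "/").split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:
                return True
        else:
            depth += 1
    return False


def unsafe_paths(patch_text):
    """Return the header paths in `patch_text` that must be rejected."""
    return [p for p in patch_paths(patch_text) if path_escapes_root(p)]
```

A patch importer would abort before touching the working directory whenever `unsafe_paths()` returns anything.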
This should affect all Fedora / EPEL versions. Security implications are quite
minimal though (see also oss-security thread).
mercurial-1.2-2.el4.1 and mercurial-1.2-2.el5.1 built and on the way to testing