Bug 453550 (CVE-2008-2942) - CVE-2008-2942 mercurial: insufficient input validationn allowing file renames out of repository
Summary: CVE-2008-2942 mercurial: insufficient input validationn allowing file renames...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2008-2942
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On: 464632
Blocks:
TreeView+ depends on / blocked
 
Reported: 2008-07-01 09:50 UTC by Tomas Hoger
Modified: 2019-09-29 12:25 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-04-15 07:17:36 UTC
Embargoed:


Attachments (Terms of Use)

Description Tomas Hoger 2008-07-01 09:50:11 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2008-2942 to the following vulnerability:

Directory traversal vulnerability in patch.py in Mercurial 1.0.1
allows user-assisted attackers to modify arbitrary files via ".." (dot
dot) sequences in a patch file.

Upstream patch (+ test case):
http://www.selenic.com/hg/rev/87c704ac92d4

References:
http://www.openwall.com/lists/oss-security/2008/06/30/1

Comment 1 Tomas Hoger 2008-07-01 09:54:12 UTC
Test case from upstream commit:

echo % 'test paths outside repo root'
mkdir outside
touch outside/foo
hg init inside
cd inside
hg import - <<EOF
diff --git a/a b/b
rename from ../outside/foo
rename to bar
EOF
cd ..

This should affect all Fedora / EPEL versions.  Security implications are quite
minimal though (see also oss-security thread).


Comment 2 Dennis Gilmore 2009-03-19 19:38:40 UTC
mercurial-1.2-2.el4.1 and mercurial-1.2-2.el5.1  built and on the way to testing


Note You need to log in before you can comment on or make changes to this bug.