Hi, the following CVE id has been assigned to this issue, please reference it in the changelog when closing this bug.
Name: CVE-2008-2942 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2942 Reference: CONFIRM:http://www.selenic.com/hg/rev/87c704ac92d4 Reference: MLIST:[oss-security] 20080630 CVE id request mercurial:Insufficient input validation Reference: URL:http://www.openwall.com/lists/oss-security/2008/06/30/1 Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. Kind regards Nico -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpC3kTpK0AaI.pgp
Description: PGP signature
