Hi,
the following CVE id has been assigned to this issue, please
reference it in the changelog when closing this bug.
Name: CVE-2008-2942
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2942
Reference: CONFIRM:http://www.selenic.com/hg/rev/87c704ac92d4
Reference: MLI
Package: mercurial
Severity: grave
Tags: security, patch
Justification: user security hole
Hi
It is possible to rename arbitrary files, even outside
the repository, by using a maliciously crafted patch.
Proof of concept:
echo quux > /tmp/foo
cat /tmp/foo /tmp/bar
quux
cat: /tmp/bar: No such file
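
An added illustration, not Mercurial's own code and not the fix referenced above: a pre-import check that rejects any path named in a patch's headers if it resolves outside the repository root. It assumes git-style extended headers (`rename from`/`rename to`, `copy from`/`copy to`, `---`/`+++`); the function names and the sample patch are constructed for this example.

```python
import os
import re

# Header lines of a git-style patch that name a path the patch will touch.
_HEADER = re.compile(r"^(rename from |rename to |copy from |copy to |--- |\+\+\+ )(.*)$")

# Constructed sample input: one in-tree rename, one whose paths leave the tree.
SAMPLE = """\
diff --git a/docs/old.txt b/docs/new.txt
rename from docs/old.txt
rename to docs/new.txt
diff --git a/x b/y
rename from ../../outside/foo
rename to /abs/target
"""

def patch_paths(patch_text):
    """Yield every file path named in the patch headers (hunk bodies are skipped)."""
    in_hunk = False
    for line in patch_text.splitlines():
        if line.startswith("diff "):
            in_hunk = False          # a new file section starts; headers follow
        elif line.startswith("@@"):
            in_hunk = True           # from here on, lines are file content
        m = None if in_hunk else _HEADER.match(line)
        if not m:
            continue
        kind, path = m.group(1), m.group(2).split("\t", 1)[0].strip()
        if path == "/dev/null":      # marker for an added or deleted file
            continue
        if kind in ("--- ", "+++ ") and path[:2] in ("a/", "b/"):
            path = path[2:]          # only ---/+++ lines carry the a/ b/ prefix
        yield path

def escapes_root(root, path):
    """True if path is absolute or resolves (symlinks included) outside root."""
    if os.path.isabs(path):
        return True
    root = os.path.realpath(root)
    target = os.path.realpath(os.path.join(root, path))
    return os.path.commonpath([root, target]) != root

def audit_patch(root, patch_text):
    """Return the header paths that must be refused before applying the patch."""
    return [p for p in patch_paths(patch_text) if escapes_root(root, p)]

if __name__ == "__main__":
    print(audit_patch(os.getcwd(), SAMPLE))
```

An importer would refuse the whole patch when `audit_patch` returns a non-empty list, rather than skipping only the offending entries.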