authorGraham Christensen <graham@grahamc.com>2016-04-07 21:24:49 -0500
committerGraham Christensen <graham@grahamc.com>2016-04-07 21:24:49 -0500
commitf9099deb8ed18935b993b90c769af3f55bfcbb00 (patch)
tree457efdf691d2ff90840718971905b8067332e281 /pkgs
parent0db23cf75cdcb80f4d238b8487026e8d602c8a0f (diff)
mercurial: 3.7.1 -> 3.7.3 for multiple CVEs
CVE-2016-3068

    Blake Burkhart discovered that Mercurial allows URLs for Git
    subrepositories that could result in arbitrary code execution on
    clone.

CVE-2016-3069

    Blake Burkhart discovered that Mercurial allows arbitrary code
    execution when converting Git repositories with specially
    crafted names.

CVE-2016-3630

    It was discovered that Mercurial does not properly perform bounds-
    checking in its binary delta decoder, which may be exploitable for
    remote code execution via clone, push or pull.
Diffstat (limited to 'pkgs')
-rw-r--r--pkgs/applications/version-management/mercurial/default.nix4
1 files changed, 2 insertions, 2 deletions
diff --git a/pkgs/applications/version-management/mercurial/default.nix b/pkgs/applications/version-management/mercurial/default.nix
index b99727b2c9b61..f44baad4715b0 100644
--- a/pkgs/applications/version-management/mercurial/default.nix
+++ b/pkgs/applications/version-management/mercurial/default.nix
@@ -3,7 +3,7 @@
 , ApplicationServices, cf-private }:
 
 let
-  version = "3.7.1";
+  version = "3.7.3";
   name = "mercurial-${version}";
 in
 
@@ -12,7 +12,7 @@ stdenv.mkDerivation {
 
   src = fetchurl {
     url = "http://mercurial.selenic.com/release/${name}.tar.gz";
-    sha256 = "1vfgqlb8z2k1vcx2nvcianxmml79cqqqncchw6aj40sa8hgpvlwn";
+    sha256 = "0c2vkad9piqkggyk8y310rf619qgdfcwswnk3nv21mg2fhnw96f0";
   };
 
   inherit python; # pass it so that the same version can be used in hg2git
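Review bot: The new `sha256` in `src` is the only integrity check on this tarball, because the unchanged `url` line just above it still fetches over plain `http://`. fetchurl rejects any download that does not match the pin, so consumers are protected once the pin is right. The page does not show how the new hash was obtained, though. If it came from prefetching over that HTTP URL, it should be cross-checked against upstream's published checksum or signature retrieved over an authenticated channel, and that could be recorded in the commit message. Since this is a security update, moving the URL to an `https://` location is also worth considering if upstream offers one, which cannot be confirmed from this page; the `stdenv.mkDerivation` block continues outside the hunk.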