Mercurial vulnerability? CVE-2010-4237
timeless
timeless at gmail.com
Thu Dec 9 04:03:46 CST 2010
On Thu, Dec 9, 2010 at 10:44 AM, Dirkjan Ochtman <dirkjan at ochtman.nl> wrote:
> Without wanting to be alarmist, there's a note in this week's LWN
> about security issue in Mercurial, found by Novell.
>
> https://bugzilla.novell.com/show_bug.cgi?id=645293
>
> This appears to have something to do with our lacking checks on SSL
> certificates. I didn't find anything in the WhatsNew, so I wonder if
> this was addressed already at some point?
That links to http://mercurial.selenic.com/bts/issue2407 which is resolved
More information about the Mercurial-devel
mailing list