GLSA-200807-09 : Mercurial: Directory traversal
Medium Nessus Plugin ID 33509
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200807-09 (Mercurial: Directory traversal):
Jakub Wilk discovered a directory traversal vulnerability in the applydiff() function in the mercurial/patch.py file.
A remote attacker could entice a user to import a specially crafted patch, possibly resulting in the renaming of arbitrary files, even outside the repository.
There is no known workaround at this time.
Solution
All Mercurial users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=dev-util/mercurial-1.0.1-r2'