-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[slackware-security]  mercurial (SSA:2016-123-01)

New mercurial packages are available for Slackware 13.0, 13.1, 13.37, 14.0,
14.1, and -current to fix a security issue.


Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/mercurial-3.8.1-i486-1_slack14.1.txz:  Upgraded.
  This update fixes possible arbitrary code execution when converting Git
  repos.  Mercurial prior to 3.8 allowed arbitrary code execution when using
  the convert extension on Git repos with hostile names.  This could affect
  automated code conversion services that allow arbitrary repository names.
  This is a further side-effect of Git CVE-2015-7545.
  Reported and fixed by Blake Burkhart.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3105
  (* Security fix *)
+--------------------------+


Where to find the new packages:
+-----------------------------+

Thanks to the friendly folks at the OSU Open Source Lab
(https://osuosl.org/) for donating FTP and rsync hosting
to the Slackware project!  :-)

Also see the "Get Slack" section on http://www.slackware.com/ for
additional mirror sites near you.

Updated package for Slackware 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/mercurial-3.8.1-i486-1_slack13.0.txz

Updated package for Slackware x86_64 13.0:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/mercurial-3.8.1-x86_64-1_slack13.0.txz

Updated package for Slackware 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/mercurial-3.8.1-i486-1_slack13.1.txz

Updated package for Slackware x86_64 13.1:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/mercurial-3.8.1-x86_64-1_slack13.1.txz

Updated package for Slackware 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/mercurial-3.8.1-i486-1_slack13.37.txz

Updated package for Slackware x86_64 13.37:
ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/mercurial-3.8.1-x86_64-1_slack13.37.txz

Updated package for Slackware 14.0:

Updated package for Slackware x86_64 14.0:

Updated package for Slackware 14.1:

Updated package for Slackware x86_64 14.1:

Updated package for Slackware -current:

Updated package for Slackware x86_64 -current:


MD5 signatures:
+-------------+

Slackware 13.0 package:
a44e5b6d99cc72397c08132c3b791d4e  mercurial-3.8.1-i486-1_slack13.0.txz

Slackware x86_64 13.0 package:
949d71ec712d3fd38bee44c36b0c2531  mercurial-3.8.1-x86_64-1_slack13.0.txz

Slackware 13.1 package:
19af9c3f3f9e9a0fdd2d610400782a25  mercurial-3.8.1-i486-1_slack13.1.txz

Slackware x86_64 13.1 package:
811c32ad2ab4538b3c492c12860afecc  mercurial-3.8.1-x86_64-1_slack13.1.txz

Slackware 13.37 package:
41ad0aa802b4395122967052185295b5  mercurial-3.8.1-i486-1_slack13.37.txz

Slackware x86_64 13.37 package:
92d5a5988c2ab0d35e4d28ec930f4250  mercurial-3.8.1-x86_64-1_slack13.37.txz

Slackware 14.0 package:
cffee097bf970ac62ae28fc61d2797f6  mercurial-3.8.1-i486-1_slack14.0.txz

Slackware x86_64 14.0 package:
fb70f773a7d0cb9a531ad48e9d2b2a92  mercurial-3.8.1-x86_64-1_slack14.0.txz

Slackware 14.1 package:
0cb96e41c4e305c23396a9b297153510  mercurial-3.8.1-i486-1_slack14.1.txz

Slackware x86_64 14.1 package:
6cd5f796f498083e1373bcb70863c2a9  mercurial-3.8.1-x86_64-1_slack14.1.txz

Slackware -current package:
0a3fb4b778f62811437ae888b3eddc3b  d/mercurial-3.8.1-i586-1.txz

Slackware x86_64 -current package:
3ea801244a2d407ca83eeb19ae4cd46b  d/mercurial-3.8.1-x86_64-1.txz


Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg mercurial-3.8.1-i486-1_slack14.1.txz


+-----+