-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 20 Mar 2025 13:56:44 +0100 Source: mercurial Binary: mercurial mercurial-dbgsym Architecture: i386 Version: 6.3.2-1+deb12u1 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-02) Changed-By: Julien Cristau Description: mercurial - easy-to-use, scalable distributed version control system Closes: 1100899 Changes: mercurial (6.3.2-1+deb12u1) bookworm-security; urgency=high . * CVE-2025-2361: reflected XSS in hgweb (closes: #1100899) * patchbomb: don't test ambiguous address (fixes FTBFS after python's fix for CVE-2023-27043). Checksums-Sha1: 3601955b05eda2e8942a23d3acb773db8c4cede4 1562012 mercurial-dbgsym_6.3.2-1+deb12u1_i386.deb e7f513d7e4032543d77c1041262c26ce418df6ed 7387 mercurial_6.3.2-1+deb12u1_i386-buildd.buildinfo 04033ba0f57fcca137effbad3a7343c7effab621 335680 mercurial_6.3.2-1+deb12u1_i386.deb Checksums-Sha256: 75979ad2e3397e54330f867077b8465470057c9658ec873138627f450210a1e6 1562012 mercurial-dbgsym_6.3.2-1+deb12u1_i386.deb 06286c109dc80df2a1a85a08ff1bd54ebf29186771a0488c5611c3703fcd81f6 7387 mercurial_6.3.2-1+deb12u1_i386-buildd.buildinfo 2c23e0040f8acade002f51fdc728d9f48a94a5be155671110e38fc024968d41e 335680 mercurial_6.3.2-1+deb12u1_i386.deb Files: 967de407536f4ea5c01298a22964f611 1562012 debug optional mercurial-dbgsym_6.3.2-1+deb12u1_i386.deb a7d6b90dbbcd61022e7c89fbf6d1754b 7387 vcs optional mercurial_6.3.2-1+deb12u1_i386-buildd.buildinfo 777b45c44d956cede29f4f91f8b9b9ac 335680 vcs optional mercurial_6.3.2-1+deb12u1_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEc5vuvf2HND40bnI+8IREj/cRiTMFAmfcSTMACgkQ8IREj/cR iTOxHg//SDQ4bWCnteMCt0ctrayRcmxdTEsXWptyWYYhcRBvzOS/llNZBWQJsGP8 e2G2Z4E5hD9hlsFPYwzSu2Iwe42NtTKSKzgyKD6SH9BFPS4thpLSwqiAHaH357YJ ZB5vqV8voI3FzOfwm9Xh3XSQsTi/f2dgBpyuewsqyY84NfRyrcPzJfd5zHi/L4+V OHgVlM3UKNarLgIkGzl7a80doNJz+Y/c5z3EuXqSYpBepvXEMlyE7aHxa+J4IfPs /q5dFboiGelVQ8I23PuSfox7L86tvYrt127hHX6/pvCsWjdnkXmsPiG3HlTGJrfx D+C/bR+wyDlDItsjzkDaYRyoldPDgDe0JFSaSlgB00hs7yrcFKUSdox1qpxV07bV H/qPSQbTEGoLJcxiHpp+jC0tw7irkOUuVE5zrnr/8EVIpYYCiFo833ctC+jwFLgH 4TYCFsg9oKmfjyukg10Spc9bkfI0Rdrwt2mOmGxswGz8HKGnZIWu1aIJv0w8i864 bP4oaNdeEpUikC8XtUR4QQwC8On9bFRrW1I/JQOQeUZZGFmjaU7KrJMZBgXkwcH4 fVSno9K5z1qlyS/glUOdpSCGXID1R90ddeD6voQVy8MrCdqTPdQY68JOp0qGc9L7 S0OUOrtdrqpg1bFyQuNplO9Z5YC2udlGi+6F2mg37pNOeSvossI= =jAxa -----END PGP SIGNATURE-----