Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
mercurial.7061
CVE-2017-1000116-0004.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File CVE-2017-1000116-0004.patch of Package mercurial.7061
# HG changeset patch # User Sean Farley <sean@farley.io> # Date 1501623619 25200 # Tue Aug 01 14:40:19 2017 -0700 # Branch stable # Node ID f93975a5ebe8e0e96c8c1220ee6cb2a0e49cc9b9 # Parent e10745311406a9c6d2938583028ee2aaf74dd2bd sshpeer: check for safe ssh url (SEC) Checking in the sshpeer for a rogue ssh:// urls seems like the right place to do it (instead of whack-a-mole with pull, clone, push, etc). --- mercurial/sshpeer.py | 2 ++ 1 file changed, 2 insertions(+) --- a/mercurial/sshpeer.py +++ b/mercurial/sshpeer.py @@ -37,6 +37,8 @@ class sshpeer(wireproto.wirepeer): if u.scheme != 'ssh' or not u.host or u.path is None: self._abort(error.RepoError(_("couldn't parse location %s") % path)) + util.checksafessh(path) + self.user = u.user if u.passwd is not None: self._abort(error.RepoError(_("password in URL not supported")))
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor