[3.7] mercurial: Path-checking logic bypass via symlinks and subrepositories (CVE-2019-3902)
A flaw was found in Mercurial before 4.9. It was possible to use
symlinks and subrepositories
to defeat Mercurial’s path-checking logic and write files outside a repository.
This issue affects Mercurial version from 1.5.3 up to 4.8.2.
Fixed In Version:
(from redmine: issue id 10376, created on 2019-04-29)
- parent #10372