CVE-2008-2942

Name of the Vulnerable Software and Affected Versions Mercurial versions 1.0.1 through 1.0.1 Mercurial versions prior to 1.0.2

Description The issue allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file. This is due to a directory traversal vulnerability in the patch.py file.

Recommendations For Mercurial version 1.0.1, update to version 1.0.2 or later to resolve the issue. For Mercurial versions prior to 1.0.2, update to version 1.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the patch.py file until a patch is available.