---
- branch: MAIN
  date: Sun Sep  3 14:16:43 UTC 2017
  files:
  - new: '1.8'
    old: '1.7'
    path: pkgsrc/devel/py-hg-git/Makefile
    pathrev: pkgsrc/devel/py-hg-git/Makefile@1.8
    type: modified
  - new: '1.5'
    old: '1.4'
    path: pkgsrc/devel/py-hg-git/distinfo
    pathrev: pkgsrc/devel/py-hg-git/distinfo@1.5
    type: modified
  id: 20170903T141643Z.bfc22fabf2d51e296db6778a01dfa29d871ba26d
  log: |
    Updated py-hg-git to 0.8.9.

    hg-git 0.8.9 has just been tagged and uploaded to PyPI. This release
    is compatible with the just-released Mercurial 4.3.

    This release includes a fix for CVE-2017-1000116. From the Mercurial
    release announcement:

    Mercurial was not sanitizing hostnames passed to ssh, allowing shell
    injection attacks by specifying a hostname starting with -oProxyCommand.
    This is also present in Git (CVE-2017-1000117) and Subversion
    (CVE-2017-9800), so please patch those tools as well if you have
    them installed. All three tools are doing their security release
    today.
  module: pkgsrc
  subject: 'CVS commit: pkgsrc/devel/py-hg-git'
  unixtime: '1504448203'
  user: wiz