Menu
▾
▴
Re: sourceforge miseries
|
From: Bruno H. <br...@cl...> - 2018-04-09 11:25:34
|
> $ ssh -t ha...@sh... create > > Waiting for your shell to start. > queued... > The shell did not start -- aborting. > > Connection to shell.sourceforge.net closed. Now I got a shell working, and I see that 'hg' on the server is of version 2.6.2, from 2012. Since then, there have been 6 CVEs with code execution in hg. [1][2] With that shell, I could do the "hg recover". But please, don't "hg push" anything until further notice! Bruno [1] https://www.cvedetails.com/product/14386/Mercurial-Mercurial.html?vendor_id=8291 [2] https://www.cvedetails.com/vulnerability-list/vendor_id-8291/Mercurial.html |
