Closed Bug 1736062 Opened 3 years ago Closed 3 years ago

[wpt-sync] Sync PR 31272 - Use mercurial version 4.6.1

Categories

(Core :: CSS Parsing and Computation, task, P4)

Product:
Core
Component:
CSS Parsing and Computation
Type:
task

Tracking

()

Status:
RESOLVED FIXED
Milestone:
95 Branch
Tracking Flags:
Tracking Status
firefox95 --- fixed

People

(Reporter: wpt-sync, Unassigned)

References

(
URL
)

Details

(Whiteboard: [wptsync downstream])

Sync web-platform-tests PR 31272 into mozilla-central (this bug is closed when the sync is complete).

PR: https://github.com/web-platform-tests/wpt/pull/31272
Details from upstream follow.

Weizhong Xia <weizhong@google.com> wrote:

Use mercurial version 4.6.1

CVE-2018-13347 reports there is security risk to use version under
4.6.1. Upgrade to 4.6.1 per the suggestion.

Details: Affected versions of this package are vulnerable to Integer
Overflow or Wraparound. mpatch.c in Mercurial mishandles integer
addition and subtraction.

"pip install -r requirements.txt" is successful after the change.

Component: web-platform-tests → CSS Parsing and Computation
Product: Testing → Core
Test result changes from PR not available.
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f77a0c2f104b [wpt PR 31272] - Use mercurial version 4.6.1, a=testonly

https://hg.mozilla.org/mozilla-central/rev/f77a0c2f104b

Status: NEW → RESOLVED
Closed: 3 years ago
status-firefox95: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 95 Branch
You need to log in before you can comment on or make changes to this bug.