Command injection through URL in Pidgin

Ethan Blanton elb at
Fri Jun 14 12:07:40 EDT 2013

Tomasz Wasilczyk spake unto us the following wisdom:
> $ hg clone ssh:// private-main
> running ssh 'hg -R private/main serve --stdio'
> remote: mercurial-server: access denied
> abort: no suitable response from remote hg!
> Do I have proper access rights for this repository?

You do now.  Your key hadn't been moved from CPW to dev.  I just
pushed that change.


More information about the security mailing list