Command injection through URL in Pidgin
elb at pidgin.im
Fri Jun 14 12:07:40 EDT 2013
Tomasz Wasilczyk spake unto us the following wisdom:
> $ hg clone ssh://hg.pidgin.im/private/main private-main
> running ssh hg.pidgin.im 'hg -R private/main serve --stdio'
> remote: mercurial-server: access denied
> abort: no suitable response from remote hg!
> Do I have proper access rights for this repository?
You do now. Your key hadn't been moved from CPW to dev. I just
pushed that change.
More information about the security