Security update for fossil
This update for fossil to version 2.4 fixes the following issues:
- CVE-2017-17459: Client-side code execution via crafted "ssh://" URLs (bsc#1071709)
The impact of this vulnerability is more limited than that of similar vectors fixed in other SCMs,
as there is no known way to mask the repository URL or otherwise trigger it non-interactively.
This update also contains all bug fixes and improvements in the 2.4 release:
- URL Aliases
- tech-note search capability
- Various added command line options
- Annotation depth is now configurable
The following legacy options are no longer available:
- --no-dir-symlinks option
- legacy configuration sync protocol
Submitted by Reinhard Max (rmax)
Fixed bugs
bnc#1071709
VUL-0: CVE-2017-17459: fossil: client-side code execution via specially crafted ssh:// URL (ProxyCommand)