[ Jamie Strandboge ] * SECURITY UPDATE: fix for improperly handling case-insensitive paths on Windows and OS X clients - http://selenic.com/repo/hg-stable/rev/885bd7c5c7e3 - http://selenic.com/repo/hg-stable/rev/c02a05cc6f5e - http://selenic.com/repo/hg-stable/rev/6dad422ecc5a - CVE-2014-9390 - LP: #1404035
[ Marc Deslauriers ] * SECURITY UPDATE: arbitrary command exection via crafted repository name in a clone command - d/p/from_upstream__sshpeer_more_thorough_shell_quoting.patch: add more thorough shell quoting to mercurial/sshpeer.py. - CVE-2014-9462