CVE-2008-2942
Directory traversal vulnerability in patch.py in Mercurial 1.0.1 allows user-assisted attackers to modify arbitrary files via ".." (dot dot) sequences in a patch file.
Date published : 2008-06-30
http://www.securityfocus.com/bid/30072
http://www.securityfocus.com/archive/1/493881/100/0/threaded