|Created||Thu Aug 10 21:11:56 2017|
|CVE-2017-1000116||Critical||Yes||Arbitrary command execution||
Mercurial < 4.3 was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with...
|CVE-2017-1000115||High||Yes||Arbitrary filesystem access||
Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.
|12 Aug 2017||ASA-201708-7||mercurial||multiple issues|