mercurial

Description: A scalable distributed SCM tool
Version: 4.5-1 [extra]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-378 | 4.2.2-1 | 4.2.3-1 | Critical | Fixed |

Issue | Group | Severity | Remote | Type | Description
CVE-2017-1000116 | AVG-378 | Critical | Yes | Arbitrary command execution | Mercurial < 4.3 was not sanitizing hostnames passed to ssh, allowing shell injection attacks on clients by specifying a hostname starting with...
CVE-2017-1000115 | AVG-378 | High | Yes | Arbitrary filesystem access | Mercurial's symlink auditing was incomplete prior to 4.3, and could be abused to write to files outside the repository.

Advisories

Date | Advisory | Group | Severity | Description
12 Aug 2017 | ASA-201708-7 | AVG-378 | Critical | multiple issues