UbuntuUpdates.org

Bug fixes in "mercurial"

| Origin | Bug number | Title | Date fixed |
|---|---|---|---|
| CVE | CVE-2018-1000132 | Mercurial version 4.5 and earlier contains an Incorrect Access Control (CWE-285) vulnerability in Protocol server that can result in Unauthorized data | 2018-11-22 |
| CVE | CVE-2018-13348 | The mpatch_decode function in mpatch.c in Mercurial before 4.6.1 mishandles certain situations where there should be at least 12 bytes remaining afte | 2018-11-22 |
| CVE | CVE-2018-13346 | The mpatch_apply function in mpatch.c in Mercurial before 4.6.1 incorrectly proceeds in cases where the fragment start is past the end of the origina | 2018-11-22 |
| CVE | CVE-2018-13347 | mpatch.c in Mercurial before 4.6.1 mishandles integer addition and subtraction, aka OVE-20180430-0002. | 2018-11-22 |
| CVE | CVE-2017-1000116 | Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks. | 2018-11-22 |
| CVE | CVE-2017-1000115 | Mercurial prior to version 4.3 is vulnerable to a missing symlink check that can allow malicious repositories to modify files outside the repository | 2018-11-22 |
| CVE | CVE-2017-17458 | In Mercurial before 4.4.1, it is possible that a specially malformed repository can cause Git subrepositories to run arbitrary code in the form of a | 2018-11-22 |
| CVE | CVE-2017-9462 | In Mercurial before 4.1.3, "hg serve --stdio" allows remote authenticated users to launch the Python debugger, and consequently execute arbitrary cod | 2018-11-22 |
| CVE | CVE-2016-3105 | The convert extension in Mercurial before 3.8 might allow context-dependent attackers to execute arbitrary code via a crafted git repository name. | 2018-11-22 |
| CVE | CVE-2016-3630 | remote code execution in binary delta decoding | 2016-04-07 |
| CVE | CVE-2016-3069 | arbitrary code execution when converting Git repos | 2016-04-07 |
| CVE | CVE-2016-3068 | arbitrary code execution with Git subrepos | 2016-04-07 |
| Debian | 807021 | mercurial: FTBFS when built with dpkg-buildpackage -A (No such file or directory) - Debian Bug report logs | 2016-04-07 |


