|
|
Subscribe / Log in / New account

mercurial: code execution

Package(s):mercurial CVE #(s):CVE-2016-3105
Created:May 3, 2016 Updated:May 18, 2016
Description: From the Slackware advisory:

This update fixes possible arbitrary code execution when converting Git repos. Mercurial prior to 3.8 allowed arbitrary code execution when using the convert extension on Git repos with hostile names. This could affect automated code conversion services that allow arbitrary repository names. This is a further side-effect of Git CVE-2015-7545. Reported and fixed by Blake Burkhart.

Alerts:
openSUSE openSUSE-SU-2016:1336-1 mercurial 2016-05-18
Mageia MGASA-2016-0172 mercurial 2016-05-12
Debian-LTS DLA-459-1 mercurial 2016-05-06
Arch Linux ASA-201605-10 mercurial 2016-05-06
Debian DSA-3570-1 mercurial 2016-05-05
Slackware SSA:2016-123-01 mercurial 2016-05-02
Gentoo 201612-19 mercurial 2016-12-07
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds