DSA-3542-1 mercurial -- mercurial
ID: oval:org.secpod.oval:def:602459 | Date: (C)2016-04-28 (M)2023-06-28 |
Class: PATCH | Family: unix |
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:

CVE-2016-3068: Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone.

CVE-2016-3069: Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git repositories with specially crafted names.

CVE-2016-3630: It was discovered that Mercurial does not properly perform bounds-checking in its binary delta decoder, which may be exploitable for remote code execution via clone, push or pull.
Platform: |
Debian 8.x |
Debian 7.x |