Gentoo Linux Security Advisory 201709-18 - Multiple vulnerabilities have been found in Mercurial, the worst of which could lead to the remote execution of arbitrary code. Versions less than 4.3 are affected.
89aefc9a366cff54114ccf79e3fe3ca7be36701152914d2c0e752658790e251bSourceTree suffers from multiple remote code execution vulnerabilities that can be triggered via hostile repositories being checked in. SourceTree for macOS versions prior to 2.6.1 and SourceTree for Windows versions prior to 2.1.10 are affected.
1e50b9884995c5b9c544b4aa24ba0de7ea8f777b919770ce1a23e318b7d2c761Debian Linux Security Advisory 3963-1 - Several issues were discovered in Mercurial, a distributed revision control system.
bd83f96fa1efaaffc2eddb423ae1e6ba6e4a8cbc1d79385bf890c4e6dae763baRed Hat Security Advisory 2017-2489-01 - Mercurial is a fast, lightweight source control management system designed for efficient handling of very large distributed projects. Security Fix: A vulnerability was found in the way Mercurial handles path auditing and caches the results. An attacker could abuse a repository with a series of commits mixing symlinks and regular files/directories to trick Mercurial into writing outside of a given repository. A shell command injection flaw related to the handling of "ssh" URLs has been discovered in Mercurial. This can be exploited to execute shell commands with the privileges of the user running the Mercurial client, for example, when performing a "checkout" or "update" action on a sub-repository within a malicious repository or a legitimate repository containing a malicious commit.
8738f069f2944ea66cc39edcf21cdadd76160904bb6eb1bd0d4f6efa07edf23cSlackware Security Advisory - New mercurial packages are available for Slackware 14.0, 14.1, 14.2, and -current to fix security issues.
e9a3e10f787f19af20556a8626c0eec971c3bc7891353842436625abb0d5e43c
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed