MGASA-2016-0138

Source
https://advisories.mageia.org/MGASA-2016-0138.html
Import Source
https://advisories.mageia.org/MGASA-2016-0138.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2016-0138
Published
2016-04-13T17:39:04Z
Modified
2016-04-13T17:32:11Z
Summary
Updated mercurial packages fix security vulnerabilities
Details

Updated mercurial packages fix security vulnerabilities:

Blake Burkhart discovered that Mercurial allows URLs for Git subrepositories that could result in arbitrary code execution on clone (CVE-2016-3068).

Blake Burkhart discovered that Mercurial allows arbitrary code execution when converting Git repositories with specially crafted names (CVE-2016-3069).

It was discovered that Mercurial does not properly perform bounds-checking in its binary delta decoder, which may be exploitable for remote code execution via clone, push or pull (CVE-2016-3630).


Affected packages

Mageia:5 / mercurial

Package

Name
mercurial
Purl
pkg:rpm/mageia/mercurial?distro=mageia-5

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.1-5.1.mga5

Ecosystem specific

{
    "section": "core"
}