Mercurial before 3.7.3 allows remote attackers to execute arbitrary code via a crafted name when converting a Git repository.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial" }, { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial-common" }, { "binary_version": "2.8.2-1ubuntu1.4", "binary_name": "mercurial-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "3.7.3-1ubuntu1", "binary_name": "mercurial" }, { "binary_version": "3.7.3-1ubuntu1", "binary_name": "mercurial-common" }, { "binary_version": "3.7.3-1ubuntu1", "binary_name": "mercurial-dbgsym" } ] }