Mercurial prior to 4.3 did not adequately sanitize hostnames passed to ssh, leading to possible shell-injection attacks.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "mercurial": "2.8.2-1ubuntu1.4", "mercurial-dbgsym": "2.8.2-1ubuntu1.4", "mercurial-common": "2.8.2-1ubuntu1.4" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "mercurial": "3.7.3-1ubuntu1.1", "mercurial-dbgsym": "3.7.3-1ubuntu1.1", "mercurial-common": "3.7.3-1ubuntu1.1" } ] }